A quick Saturday digest of cybersecurity news articles from other sources.
Bug fixes, patching, and update edition
Seems to be a lot of bug fixes going around. Patches and updates are a critical part of good security. Here are a few important ones.
Bug Bounty Programs Are Being Used to Buy Silence
Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: read more…
Security and Privacy Implications of Zoom
Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. Over that same period, the company has been exposed for having both lousy privacy and lousy security. My goal here is to summarize all of the problems and talk about solutions and workarounds. Read more…
Tor browser fixes bug that allows JavaScript to run when disabled
The Tor browser has a bug that could allow JavaScript to execute on websites even when users think they’ve disabled it for maximum anonymity.
WordPress to get automatic updates for plugins and themes
Good news for website admins: the ability to automatically update plugins and themes is being beta-tested for WordPress 5.5, due in August.
Slack fixes account-stealing bug
Slack has fixed a bug that allowed attackers to hijack user accounts by tampering with their HTTP sessions.
EU Considering Enacting Right-To-Repair To Return Power To Consumers, Protect The Environment
from the hopefully-not-too-little-too-late dept
We need to demand this right in the US. Right-to-repair laws are still a work in progress, mainly due to industry opposition. The wants and needs of millions of device/vehicle owners don’t amount to a hill of beans in this world full of interloping industry leaders, as noted DIY repairman/nightclub owner Rick Blaine once sourly noted. Allowing people to actually own the things they’ve purchased seems like a foreign concept to… (full story)
VMware patches virtualisation bugs
Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines.
Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw
What’s the difference between a scheduled security update and one that’s out-of-band? In this case, it’s two days.
Open source bugs have soared in the past year
Open source bugs have skyrocketed, according to a report from WhiteSource, with XSS flaws accounting for a quarter of those bugs.
Patch now! Critical flaw found in OpenWrt router software
OpenWrt is an open source operating system used by millions of home and small business routers and embedded devices.
Thousands of Android apps contain undocumented backdoors, study finds
A study has found that thousands of legitimate Android apps are taking liberties or are installed with capabilities that users wouldn’t expect to exist.
Mad Magazine Co-Creator Mort Drucker Dead at 91
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com