WyzGuys Tech Talk

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Webinar:  Anatomy of a Phishing Exploit

Cyber-hygiene alert!!  You are invited to a one hour seminar titled Anatomy of a Phishing Exploit.  I will be the presenter

Understand cyber-hygiene essentials to secure your data from phishing attacks in a highly informative, one-hour webinar organized by Vinsys.  The heaping cases of cybercrime worldwide has raised a serious concern to organizations and their data. This webinar gives you a briefing about the many types of phishing attacks and methods to detect and avoid such attacks. It also takes you deeper into understanding the loopholes that could help you establish a highly secure network system.

Reduce risks of a phishing exploit. Don’t miss this webinar!

Webinar Details:

  • Presenter – Bob Weiss
  • Mode – MS Teams
  • Date – Jan 25, 2022
  • Timing – 1:00 pm – 2:00 pm (EST)

REGISTER HERE


Log4Shell-like security hole found in popular Java SQL database engine H2

“It’s Log4Shell, Jim, but not as we know it.” How to find and fix a JNDI-based vuln in the H2 Database Engine.


January 6, 2022 – Brian Krebs
Bob’s comment:  This is un-forking believable.  A formerly well-regarded security app is stealing processor cycles and memory from its customers, who have paid for the pleasure!

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”


Norton 360 wants to pay you a pittance to mine Ethereum cryptocurrency

The new opt-in feature turns your idle PC into a cryptominer, with Norton skimming 15% off the top, plus market fees.


Need Photoshop and Graphic Design Lessons?  Check Out Photoshop Buzz

June Escalada reached out to me to point out a dead link in a 2007 post to Tutorialized.com, which closed in 2019.  She runs the site Photoshop Buzz. and asked me to update the old link with her site information.  So if you are missing Tutorialized.com, please check out June’s site.  Here’s her email.

My name is June, a photographer and writer who runs a blog called PhotoshopBuzz as a side hustle.  I’m writing to you here today because I noticed that you have a broken link to a website called Tutorialized.com, a Photoshop and flash tutorial community launched way back in 2004 but unfortunately closed in 2019. Now the website shows “has expired and is parked free”.  You link to Tutorialized on this page: https://wyzguyscybersecurity.com/computer-illiteracy-is-expensive/

Tutorialized.com was my go-to place for Photoshop learning when I was a newbie. Anyway, I now also run a Photoshop tutorial site and we’ve published over 200+ in-depth how-to articles. Here it is if you want to take a look:  https://www.photoshopbuzz.com/  Would you consider updating your web page and swapping out the link of Tutorialized for my site?

Yes I would, June.


Why not a four-day workweek?

We’re no longer a 19th-century economy, and it’s time to stop thinking of our workweek that way.  Does such a new work world need a 40-hour workweek? Many companies are saying no. And guess what? For them, a four-day workweek with 32-hours does just fine.  More…


URL parsing: A ticking time bomb of security exploits

The modern world would grind to a halt without URLs, but years of inconsistent parsing specifications have created an environment ripe for exploitation that puts countless businesses at risk.  How Log4j works, and why it is not the only problem with parsers.


 

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.