A quick Saturday digest of cybersecurity news articles from other sources.
Passcodes are protected by Fifth Amendment, says court
You do not have to give your passcode to the police. The courts say it amounts to self-incrimination. The government isn’t really after the password, after all; it’s after any potential evidence it protects. In other words: fishing expedition.
ST15-003: Before You Connect a New Computer to the Internet
12/15/2015 06:07 PM EST Last revised: October 29, 2018
Because computers play such critical roles in our lives, and because we input and view so much personally identifiable information (PII) on them, it’s imperative to implement and maintain computer security. Strong computer security ensures safe processing and storage of our information. Read the full article to receive all the valuable tips.
ST18-006: Website Security
11/01/2018 12:20 PM EDT Original release date: November 01, 2018
Website security refers to the protection of personal and organizational public-facing websites from cyberattacks. Cyberattacks against public-facing websites—regardless of size—are common. Read this article for tips on securing yours.
Update now! WordPress sites vulnerable to WooCommerce plugin flaw
Researchers have published details of a dangerous flaw in the way the hugely popular WooCommerce plugin interacts with WordPress that could allow an attacker with access to a single account to take over an entire site.
[WordPress Security] Trends Emerging Following Vulnerability in WP GDPR Compliance Plugin
Wordfence Threat Intelligence Team has been monitoring attacks that are targeting the recently reported vulnerability in the WP GDPR Compliance plugin. To help developers, security operations staff and other defenders, we have published a technical post that describes the TTPs (tactics, techniques and procedures) and the IOCs (Indicators of Compromise) associated with the attackers.
VMware Releases Security Updates
11/09/2018 01:59 PM EST Original release date: November 09, 2018
VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0027 and apply the necessary updates.
Problems with VirtualBox, too.
A security researcher has published a zero-day flaw in a commonly-used virtual machine management system without notifying the vendor, justifying it with a scathing critique of the info-sec industry.
Share
NOV
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com