Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Passcodes are protected by Fifth Amendment, says court

You do not have to give your passcode to the police.  The courts say it amounts to self-incrimination.  The government isn’t really after the password, after all; it’s after any potential evidence it protects. In other words: fishing expedition.

ST15-003: Before You Connect a New Computer to the Internet

12/15/2015 06:07 PM EST  Last revised: October 29, 2018

Because computers play such critical roles in our lives, and because we input and view so much personally identifiable information (PII) on them, it’s imperative to implement and maintain computer security. Strong computer security ensures safe processing and storage of our information.  Read the full article to receive all the valuable tips.

ST18-006: Website Security

11/01/2018 12:20 PM EDT  Original release date: November 01, 2018

Website security refers to the protection of personal and organizational public-facing websites from cyberattacks.  Cyberattacks against public-facing websites—regardless of size—are common.  Read this article for tips on securing yours.

Update now! WordPress sites vulnerable to WooCommerce plugin flaw

Researchers have published details of a dangerous flaw in the way the hugely popular WooCommerce plugin interacts with WordPress that could allow an attacker with access to a single account to take over an entire site.

[WordPress Security] Trends Emerging Following Vulnerability in WP GDPR Compliance Plugin

Wordfence Threat Intelligence Team has been monitoring attacks that are targeting the recently reported vulnerability in the WP GDPR Compliance plugin. To help developers, security operations staff and other defenders, we have published a technical post that describes the TTPs (tactics, techniques and procedures) and the IOCs (Indicators of Compromise) associated with the attackers.

VMware Releases Security Updates

11/09/2018 01:59 PM EST  Original release date: November 09, 2018

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system.  NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0027 and apply the necessary updates.

Problems with VirtualBox, too.

A security researcher has published a zero-day flaw in a commonly-used virtual machine management system without notifying the vendor, justifying it with a scathing critique of the info-sec industry.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.