Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

May the Fourth Be With You

It’s Star Wars Day!!  May the force be with you.  Jedis, Greys, and Sith unite for a day for video watching and beer.

Huge Win 10 version 1903 requires 32 GB to install

You might want to check your free space on your C drive before Patch Tuesday rolls around.  Thanks for the alert DHub.

Chrome, Safari and Opera criticized for removing privacy setting

Forthcoming versions of the Chrome, Apple Safari and Opera are in the process of removing the ability to disable a long-ignored tracking feature called hyperlink auditing pings.

Fired sysadmin pleads guilty to doxxing five senators on Wikipedia

Cosko, 27, pleaded guilty to five counts including making public restricted personal information, computer fraud, witness tampering and obstruction of justice.

New tool automates phishing attacks that bypass 2FA

Trust in two-factor authentication has slowly eroded in the last month after release of Amnesty International report and Modlishka tool.

Trouble for WordPress Plugin Yellow Pencil Visual Theme Customizer

The WordPress plugin Yellow Pencil Visual Theme Customizer was closed in the WordPress.org plugin repository. The plugin is quite popular, with an active install base of over 30,000 websites. On Tuesday the details of an unpatched vulnerability in the plugin were posted by a security researcher. We are now seeing a high volume of attempts to exploit the vulnerability.

ST19-001: Protecting Against Ransomware

Original release date: April 11, 2019.  A great article with lots of detail and ideas from US-CERT

What is ransomware?  Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid.  After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.

Serious Security: How web forms can steal your bandwidth and harm your brand

Got a mailing list? Ever signed up for one? Ever stopped to think how a crook could abuse the security-related confirmation process?



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.