A quick Saturday digest of cybersecurity news articles from other sources.
May the Fourth Be With You
It’s Star Wars Day!! May the force be with you. Jedis, Greys, and Sith unite for a day for video watching and beer.
Huge Win 10 version 1903 requires 32 GB to install
You might want to check the free space on your C drive before Patch Tuesday rolls around. Thanks for the alert, DHub.
Chrome, Safari and Opera criticized for removing privacy setting
Forthcoming versions of Chrome, Apple Safari and Opera are in the process of removing the ability to disable a long-ignored tracking feature called hyperlink auditing pings.
Fired sysadmin pleads guilty to doxxing five senators on Wikipedia
Cosko, 27, pleaded guilty to five counts including making public restricted personal information, computer fraud, witness tampering and obstruction of justice.
New tool automates phishing attacks that bypass 2FA
Trust in two-factor authentication has slowly eroded in the last month after the release of an Amnesty International report and the Modlishka tool.
Trouble for WordPress Plugin Yellow Pencil Visual Theme Customizer
The WordPress plugin Yellow Pencil Visual Theme Customizer was closed in the WordPress.org plugin repository. The plugin is quite popular, with an active install base of over 30,000 websites. On Tuesday the details of an unpatched vulnerability in the plugin were posted by a security researcher. We are now seeing a high volume of attempts to exploit the vulnerability.
ST19-001: Protecting Against Ransomware
Original release date: April 11, 2019. A great article with lots of detail and ideas from US-CERT.
What is ransomware? Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid. After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.
Serious Security: How web forms can steal your bandwidth and harm your brand
Got a mailing list? Ever signed up for one? Ever stopped to think how a crook could abuse the security-related confirmation process?
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com