A quick Saturday digest of cybersecurity news articles from other sources.
Update Your TOR Browser
Update your Firefox to version 66.0.4 and your TOR browser to version 8.0.9 to fix the problem with intermediate certificate verification.
FTC Releases Article on Keeping Children Safe Online
Original release date: April 26, 2019
The Federal Trade Commission (FTC) has released an article with tips for parents to keep their children safe online. The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article and the following additional resources for more information:
- Keeping Children Safe Online
- Rethink Cyber Safety Rules and the “Tech Talk” with Your Teens
- Stop.Think.Connect. Toolkit
- Stay Safe Online
- Concerned Parent’s Internet Safety Toolbox
Microsoft drops password expiration from Windows 10 security
NIST said forced password changes were unnecessary 3 years ago. Microsoft has recognized that users don’t actually change their passwords when prompted, they just tweak them. And that doesn’t help anyone.
NSA asks to end mass phone surveillance
OK, maybe I believe them. But what about selective phone surveillance? The NSA has asked the White House to end its mass phone surveillance program because the work involved outweighs its intelligence value.
DNS over HTTPS is coming whether ISPs and governments like it or not
DNS over HTTPS (DoH), backed by Google, Mozilla and Cloudflare, is about to make web surveillance a lot more difficult.
Multiple Vulnerabilities in Broadcom WiFi Chipset Drivers
Original release date: April 17, 2019
The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities in Broadcom WiFi chipset drivers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT/CC Vulnerability Note VU#166939 for more information and refer to vendors for appropriate updates, when available.
Dragonblood: Data-leaking flaw in WPA3 Wi-Fi authentication
Researchers have discovered several holes in a new security protocol for wireless networks.
Vulnerability in Multiple VPN Applications
Original release date: April 12, 2019
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#192371 for more information and refer to vendors for appropriate updates, when available.
Share
MAY
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com