Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Update Your TOR Browser

Update your Firefox to version 66.0.4 and your TOR browser to version 8.0.9 to fix the problem with intermediate certificate verification.


FTC Releases Article on Keeping Children Safe Online

Original release date: April 26, 2019

The Federal Trade Commission (FTC) has released an article with tips for parents to keep their children safe online.  The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article and the following additional resources for more information:


Microsoft drops password expiration from Windows 10 security

NIST said forced password changes were unnecessary 3 years ago.  Microsoft has recognized that users don’t actually change their passwords when prompted, they just tweak them. And that doesn’t help anyone.


NSA asks to end mass phone surveillance

OK, maybe I believe them.  But what about selective phone surveillance?  The NSA has asked the White House to end its mass phone surveillance program because the work involved outweighs its intelligence value.


DNS over HTTPS is coming whether ISPs and governments like it or not

DNS over HTTPS (DoH), backed by Google, Mozilla and Cloudflare, is about to make web surveillance a lot more difficult.


Multiple Vulnerabilities in Broadcom WiFi Chipset Drivers

Original release date: April 17, 2019

The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities in Broadcom WiFi chipset drivers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.  The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT/CC Vulnerability Note VU#166939 for more information and refer to vendors for appropriate updates, when available.


Dragonblood: Data-leaking flaw in WPA3 Wi-Fi authentication

Researchers have discovered several holes in a new security protocol for wireless networks.


Vulnerability in Multiple VPN Applications

Original release date: April 12, 2019

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system.  The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#192371 for more information and refer to vendors for appropriate updates, when available.


 

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.