
open source and cybersecurity news

April 14, 2023

Web Security Headers, Elementor Plugin Flaw, Embassy Tech Pros

Episode Transcription:

Trac Bannon:

Did you know that the State Department has a new Bureau of Cyberspace and Digital Policy? I was very surprised to find out it was established about a year ago. It includes an ambassador at large, a role I also didn’t know existed.

Hello, this is Trac Bannon reporting from Camp Hill, Pennsylvania.

The State Department is also called the Department of State or DOS. It carries out White House foreign policy with a host of different functions including staffing the US embassies around the world. Nathaniel Fick holds the role of ambassador at large and has shared a very smart plan to build digital and cyber competencies for DOS.

By the end of next year the plan is to have a digital and cyber officer at every US embassy around the world. They are driving fast and hard to make this happen, including creating new skills codes for personnel who work on cyber, digital, and emerging tech issues. One of the biggest hurdles to hiring into government roles is the archaic skills codes.

The State Department’s Foreign Service Institute is also offering a course in cyber and digital policy. Students have swarmed and they will be adding more sessions. Why though? Because every aspect of the world we live in is being touched by technology. Our digital world is also a cyber threat actor’s playground.

Identifying threats, enabling new policy, and engaging with our allies on new tech adoption is key. We must stay ahead of the emerging threats. America is still considered a leader in tech and cyber, so this step is necessary to keep the world safe.

Something to noodle on.

[00:01:40] Edwin Kwan:

This is Edwin Kwan from Sydney, Australia.

With web applications being a target for numerous cyber attacks, the SANS Internet Storm Center has released an article sharing the three must-have security HTTP headers for controlling many easily preventable vulnerabilities.

The first is HTTP Strict Transport Security. This tells the browser to only connect to the web server using HTTPS, secure connections. Doing that helps avoid a man-in-the-middle attack.

The second is to set a content security policy. This helps protect against attacks like cross-site scripting, cross-site injection, and clickjacking.

The final HTTP security header is Access-Control-Allow-Origin. This header ensures that external resources are only being sourced from a specific origin and therefore avoids possible cross-site attacks from untrusted domains.

So there you have it. Make sure you have those three security HTTP headers configured for your web application to increase your cyber risk protection.

[00:03:29] Katy Craig:

WordPress is a widely used content management system that powers millions of websites globally. It’s popular for its ease of use, flexibility, and vast array of plugins, such as the Elementor Pro website builder plugin I’m reporting on today.

This is Katy Craig in San Diego, California.

A recently patched security vulnerability in the Elementor Pro plugin is a high-severity flaw that can be traced back to a case of broken access control and affects versions 3.11.6 and earlier. Thankfully, the vigilant plugin maintainers have already released a fix in version 3.11.7, so if you haven’t updated yet, it’s time to hit that button.

Now you may be wondering what’s at stake here and who may be impacted? Well, if successfully exploited by an authenticated attacker, this vulnerability could lead to a complete takeover of WordPress sites with WooCommerce enabled. This means that website owners, businesses, and individuals using WordPress in combination with Elementor Pro and WooCommerce are at risk. Given the popularity of these plugins, the scale of the potential impact is significant.

But fear not. For every problem, there’s a solution. The best course of action is to update your Elementor Pro plugin to version 3.11.7 or later as soon as possible. This simple step can save you from a whole lot of headaches and potential virtual heartaches.

In the spirit of keeping things light, let’s take a moment to appreciate the developers who work tirelessly to patch these vulnerabilities. Like our favorite superheroes, they swoop in to save the day and our websites from the perils of cyber threats. So hats off to them.

This is Katy Craig. Stay safe out there.

[00:05:29] Marcel Brown:

This is Marcel Brown, the most trusted name in technology coming at you with your technology history for April 14th and April 15th.

April 14th, 1912. The RMS Titanic strikes an iceberg four days into its maiden voyage. Over 1500 passengers drown when the ship sinks early the next morning. However, the Marconi wireless equipment on board is used to call for help, effectively saving 700 people.

It was stated that “those who have been saved have been saved through one man, Mr. Marconi and his wonderful invention.”

April 14th, 1981. The first test flight of the first operational space shuttle, the Columbia, ends successfully as the orbiter lands at Edwards Air Force Base in California, two days after launching.

April 15th, 1892. The General Electric Company, GE, is founded. It was formed by the merger of Edison General Electric, started by Thomas Edison in 1890, and the Thomson-Houston Electric Company. GE was one of the original 12 companies listed on the Dow Jones Industrial Average, and in 2010 was ranked by Forbes as the world’s second largest company.

April 15th, 1977. The first annual West Coast Computer Faire is held over three days in San Francisco, California, attended by 12,750 people. The fair features the debut of the Apple II computer, which featured 16 kilobytes of memory, BASIC, a built-in keyboard, eight expansion slots and built-in high resolution color graphics.

Many credit this event and the launch of the Apple II as giving birth to the personal computer industry.

April 15th, 2002. Budding entrepreneur, Marcel Brown, starts his first day as a full-time self-employed professional after years of helping people in small businesses with their technology needs on the side. It was from this humble beginning that a technology empire of unprecedented scale was created.

Okay, well maybe that’s not all quite true yet, but with any luck soon, it could be. But seriously, yes. This is the day I consider to be my, uh, business anniversary. So happy 21 years in business to me.

Anyway, that is your technology history for today. For more, tune in next week and visit my website ThisDayInTechHistory.com.
