University of Wisconsin–Madison

Cybersecurity roundup: 7-Zip & Twitter

Update 7-Zip to fix a serious vulnerability

If you’re using the popular utility 7-Zip and don’t update to the latest version, you could be leaving your PC vulnerable, allowing bad guys to:

  • install programs on your PC,
  • view, edit, or delete data, or
  • create new user accounts with full access rights.

On May 1, 2018, the Center for Internet Security issued advisory #2018-049 outlining the threat. They rate the risk to all users as high, though as yet, “There are currently no reports of this vulnerability being exploited in the wild.”

Since then, media outlets such as PC Gamer have also reported the vulnerability.

To mitigate the threat, you should be using version 18.05 or higher.

To protect your PC, CIS recommends:

  • Update 7-Zip to the latest version. Updates for 7-Zip can be found at 7-zip.org.
  • Don’t run 7-Zip with Administrator privileges.

If you haven’t changed your Twitter password since May 3rd, do it now

On May 3rd, Twitter announced that they discovered a bug that resulted in passwords being stored in an insecure manner. The passwords were being stored in an internal log file, in plaintext, i.e., without being encrypted.

While it is not clear that anyone has gained access to these passwords or misused them, the Federal Trade Commission (FTC) has recommended that users change their passwords for Twitter and any other accounts for which they use the same password.

Sources:

https://www.us-cert.gov/ncas/current-activity/2018/05/07/FTC-Releases-Alert-Exposed-Twitter-Passwords