Earlier this year, Wikipedia got a makeover.

Since January, the online encyclopedia—which, according to its Wikipedia, is available in 333 language editions, boasts over 300,000 active editors, and is the seventh-most popular website in the world—has presented itself to the world through the Vector 2022 skin, the first major update since the original Vector rolled out in 2010. The changes, including more white space, a relocated search bar, and a new table of contents, are immediately visible to anyone who’s spent a good amount of time browsing the site.

The main point of Vector 2022 wasn’t to dramatically alter the Wikipedia experience, but to address some longstanding issues with the site’s user interface. Any changes made by the nonprofit that runs Wikipedia, the Wikimedia Foundation, had to be vetted by the site’s international user base of editors, readers, and other volunteers who write the articles.

The foundation’s paid design team was composed of about half a dozen engineers, an engineering manager, a data analyst, a designer, and a community relations specialist, Wikimedia Foundation Lead Product Manager Olga Vasileva told IT Brew. Additionally, they have volunteer community ambassadors who handle outreach to groups like contributors to Farsi or Vietnamese-language Wiki.

Vasileva said that since the rollout of Vector 2010, the Wikimedia Foundation had focused primarily on the experience of its rapidly growing mobile readership, which included large numbers of young people and those living in regions where cell phones remain the primary method of internet access. The desktop experience lagged behind as a result, both in terms of technical improvements and usability for an increasingly diverse user base.

Read more here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

Keeping up with compliance and security can feel like jogging next to someone on an e-bike—but not when you use Vanta. Their market-leading platform automates compliance and security, saving you valuable time, money, and energy.

Vanta automates up to 90% of the work required to complete security audits. If our math is correct, that leaves 10% (!!!) for you and your team. Let’s ponder the 🤌 possibilities 🤌 of all that time back.

Of course, compliance and security are a marathon, not a sprint. That’s why Vanta implements security tools and ongoing monitoring to de-risk your biz. You’ll stay secure at every stage of growth while maintaining centralized vis into your security status.

Ready to catch your breath? Watch a 3-minute demo of Vanta to learn more.

Back at it again.

CISOs enjoyed a brief respite from the sky falling in the immediate post-pandemic era, but the sense of danger from ever-increasing cyberattacks has returned.

That’s according to a new Proofpoint survey of 1,600+ CISOs across 16 different countries, which found that security threats are as bad as ever.

No relief. Proofpoint Global Resident CISO Lucia Milică Stacy said in the introduction to this year’s survey that last year, “with most pandemic disruption overcome, CISOs for a brief time appeared to feel a sense of calm, composure, and confidence in their security posture.”

“Astoundingly, that feeling has already vanished, replaced by elevated concern,” Stacy said.

Unfortunately, the numbers show that last year’s sense of relief was an anomaly. This year, 68% of CISOs polled feel at risk of a material cyberattack, close to 2021’s 64%—but a jump from 2022’s 48%. Preparedness follows the same pattern: 61% of CISOs this year feel unprepared for an attack, similar to 66% in 2021 and a jump from 2022’s 50%.

Danger, danger. A surge in ransomware attacks and sophisticated hacking attacks has added to the panic. Ryan Kalember, Proofpoint EVP of cybersecurity strategy, said in a statement that data loss—attributed in the report partly to high turnover amidst the economic uncertainty of the past year—is contributing to the problem.

CISOs need to “remain steadfast,” Kalember said.

“If recent devastating attacks are any indication, CISOs have an even tougher road ahead, especially given the precarious security budgets and new job pressures,” Kalember said. “Now that they have returned to elevated levels of concern, CISOs must ensure they focus on the right priorities to move their organizations toward cyber resilience.”—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Some top-level domains announced by Google in May have some serious security .implications.

Tag library descriptor (TLD) files like .zip or .mov offer extra bait for phishers who can disguise malicious files with their newly bought domain name.

“The problem is that it sort of confuses what’s a local file and what’s a remote website. So, the distinction between remote and local gets kind of murky here, as far as the user is concerned,” said Johannes Ullrich, dean of research at the SANS Institute.

Shortly after Google’s May 3 domain divulgence, SANS found a spike in new .zip domains, including just under 2,500 on May 14. (It’s unclear how many domain buyers have attacks in mind vs. penetration tests.)

Some recent purchases: chrome-installer.zip, amazon-receipt.zip, and adobephotoshop.zip.

With just these three domains, a phisher could pretend to have an Amazon invoice, which then sends the end-user to a lookalike site that nabs credentials. Or maybe a threat actor could impersonate an IT pro and entice employees to get a false browser update.

A threat actor could use a .zip domain—often automatically hyperlinked and easily clickable in platforms—to mask a malicious file or site. (See a clever demo of URL murkiness here.)

Keep reading here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Today’s top IT reads.

Stat: A book, a laptop, a bottle, a nail, and nine eggs. That’s how many objects Microsoft researchers asked an experimental AI to decide how to stack on top of each other, before concluding its answer showed signs of “artificial general intelligence.” (the New York Times)

Quote: “It’s also a moral issue. People should get off their goddamn moral high horse with their work-from-home bullshit.”—Elon Musk, speaking during an interview following Tesla’s annual shareholder meeting (CNBC)

Read: How to get rid of a printer properly (short of recreating Office Space). (PC Mag)

Kiss bugs goodbye: Get complete QA coverage for your web apps in just 4 months. With QA Wolf, you have access to unlimited parallel test runs + round-the-clock test maintenance to stop bugs from reaching production.*

^{*This is sponsored advertising content.}