Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


BlueBorne Bluetooth Vulnerabilities

09/12/2017 05:26 PM EDT  Original release date: September 12, 2017

US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices.

US-CERT recommends that users and administrators read Vulnerability Note VU#240311 for more information.


Analysis of new NIST password guidance

Too many people are giddy about getting the green light for easier passwords, but aren’t reading the fine print.


BitCoin A Fraud?

JPMorgan CEO Jamie Dimon calls bitcoin — which is at more than $4,100 right now — a fraud, says it’s “worse than tulip bulbs.” (Reuters)


Apple Releases Security Updates

09/19/2017 04:56 PM EDT  Original release date: September 19, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Apple security pages and apply the necessary updates:


WordPress Releases Security Update

09/20/2017 08:50 AM EDT Original release date: September 20, 2017

WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2.


Experian Site Can Give Anyone Your Credit Freeze PIN

NOT Experian! This time Equifax! Am I the only one who thinks that Equifax and TransUnion are both probably as poorly secured as Equifax? Have we forgotten the flood of retail breaches that followed hard on the Target Christmas breach? Why should this time be different?


‘Smart’ Hospital IV Pump Vulnerable To Remote Hack Attack

More “Internet of Vulnerable Medical Things” from TechDirt – security researchers have discovered eight vulnerabilities in a syringe infusion pump used by hospitals to help administer medication to patients intravenously.


WordPress 4.8.2 is out, update your website now

WordPress 4.8.2 is out, featuring nine security fixes website owners will want to apply, well, now.

All told, there have been six updates this year featuring security fixes, including January’s silent patch for a nasty zero day, this being the first since May’s v4.7.5.


 


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
