A quick Saturday digest of cybersecurity news articles from other sources.
BlueBorne Bluetooth Vulnerabilities
09/12/2017 05:26 PM EDT Original release date: September 12, 2017
US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices.
US-CERT recommends that users and administrators read Vulnerability Note VU#240311 for more information.
Analysis of new NIST password guidance
Too many people are giddy about getting the green light for easier passwords, but aren’t reading the fine print.
BitCoin A Fraud?
JPMorgan CEO Jamie Dimon calls bitcoin — which is at more than $4,100 right now — a fraud, says it’s “worse than tulip bulbs.” (Reuters)
Apple Releases Security Updates
09/19/2017 04:56 PM EDT Original release date: September 19, 2017
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.
US-CERT encourages users and administrators to review the following Apple security pages and apply the necessary updates:
WordPress Releases Security Update
09/20/2017 08:50 AM EDT Original release date: September 20, 2017
WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.
US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2.
Experian Site Can Give Anyone Your Credit Freeze PIN
NOT Experian! This time Equifax! Am I the only one who thinks that Equifax and TransUnion are both probably as poorly secured as Equifax? Have we forgotten the flood of retail breaches that followed hard on the Target Christmas breach? Why should this time be different?
‘Smart’ Hospital IV Pump Vulnerable To Remote Hack Attack
More “Internet of Vulnerable Medical Things” from TechDirt – security researchers have discovered eight vulnerabilities in a syringe infusion pump used by hospitals to help administer medication to patients intravenously.
WordPress 4.8.2 is out, update your website now
WordPress 4.8.2 is out, featuring nine security fixes website owners will want to apply, well, now.
All told, there have been six updates this year featuring security fixes, including January’s silent patch for a nasty zero day, this being the first since May’s v4.7.5.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com