Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

BlueBorne Bluetooth Vulnerabilities

09/12/2017 05:26 PM EDT  Original release date: September 12, 2017

US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices.

US-CERT recommends that users and administrators read Vulnerability Note VU#240311 for more information.

Analysis of new NIST password guidance

Too many people are giddy about getting the green light for easier passwords, but aren’t reading the fine print.

BitCoin A Fraud?

JPMorgan CEO Jamie Dimon calls bitcoin — which is at more than $4,100 right now — a fraud, says it’s “worse than tulip bulbs.” (Reuters)

Apple Releases Security Updates

09/19/2017 04:56 PM EDT  Original release date: September 19, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Apple security pages and apply the necessary updates:

WordPress Releases Security Update

09/20/2017 08:50 AM EDT Original release date: September 20, 2017

WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2.

Experian Site Can Give Anyone Your Credit Freeze PIN

NOT Experian! This time Equifax! Am I the only one who thinks that Equifax and TransUnion are both probably as poorly secured as Equifax? Have we forgotten the flood of retail breaches that followed hard on the Target Christmas breach? Why should this time be different?

‘Smart’ Hospital IV Pump Vulnerable To Remote Hack Attack

More “Internet of Vulnerable Medical Things” from TechDirt – security researchers have discovered eight vulnerabilities in a syringe infusion pump used by hospitals to help administer medication to patients intravenously.

WordPress 4.8.2 is out, update your website now

WordPress 4.8.2 is out, featuring nine security fixes website owners will want to apply, well, now.

All told, there have been six updates this year featuring security fixes, including January’s silent patch for a nasty zero day, this being the first since May’s v4.7.5.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
