Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

70k minimum wage has been a profound success and failure – two years later

Tech company Gravity Payments instituted a $70K minimum wage two years ago. It has long been my personal contention that the drop in real starting wages (against inflation) coupled with crushing student loan debt is keeping millennials out of the housing market and preventing household formation and the economic boost that entails. Read how it worked for one small company.

Why it’s time to stop calling users “n00bs” and “1d10ts”

We’ve tried blaming users for 30 years, and it hasn’t worked. Here’s a new way – listen to them and get them on your side…

Equifax website hit by malvertising – will the pain never end?

The proverb “it never rains but that it pours” could have been written for Equifax – this time, malvertising.

Wi-Fi Protected Access (WPA) Vulnerabilities

What was secure no longer is. New vulnerabilities in the popular Wi-Fi encryption protocols WPA and WPA2 affect almost all currently deployed wireless routers and access points.

CERT/CC Reports WPA2 Vulnerabilities

10/16/2017 09:20 AM EDT Original release date: October 16, 2017

CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC’s VU #228519.

Microsoft Office 0-day headlines Patch Tuesday, update now!

An Office 0-day and a Critical DNS flaw stand out among 61 vulnerabilities patched by Microsoft

Watch out for these high-pressure Apple malware scams

One site, three different Mac malware scams – just because you’re an Apple user doesn’t mean they’re not out to get you.

IC3 Issues Alert on IoT Devices

10/17/2017 06:56 PM EDT  Original release date: October 17, 2017

In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center (IC3) has issued an alert to individuals and businesses about the security risks involved with the Internet of Things (IoT). IoT refers to the emerging network of devices (e.g., smart TVs, home automation systems) that connect to one another via the Internet, often automatically sending and receiving data. IC3 warns that once a device is compromised, an attacker may take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

US-CERT encourages individuals and businesses to review the IC3 Alert for more information on IoT vulnerabilities and mitigation techniques.

IC3 Issues Alert on DDoS Attacks

10/17/2017 08:39 PM EDT  Original release date: October 17, 2017

The Internet Crime Complaint Center (IC3) has issued an alert on distributed denial-of-service (DDoS)-for-hire services advertised on criminal forums and marketplaces. Using DDoS attacks to prevent legitimate users from accessing websites or information can lead to serious consequences.

US-CERT encourages users and administrators to review the IC3 Alert for more information and US-CERT’s Alert on Heightened DDoS Threat Posed by Mirai and Other Botnets.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.