Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


70k minimum wage has been a profound success and failure – two years later

Tech company Gravity Payments instituted a $70K minimum wage two years ago. It has long been my personal contention that the drop in real starting wages (against inflation), coupled with crushing student loan debt, is keeping millennials out of the housing market and preventing household formation and the economic boost that entails. Read how it worked for one small company.


Why it’s time to stop calling users “n00bs” and “1d10ts”

We’ve tried blaming users for 30 years, and it hasn’t worked. Here’s a new way – listen to them and get them on your side…


Equifax website hit by malvertising – will the pain never end?

The proverb “it never rains but that it pours” could have been written for Equifax – this time, malvertising.


Wi-Fi Protected Access (WPA) Vulnerabilities

What was secure is not any longer.  There are new vulnerabilities to popular Wi-Fi encryption protocols WPA and WPA2 which affect almost all currently deployed wireless routers and access points.


CERT/CC Reports WPA2 Vulnerabilities

10/16/2017 09:20 AM EDT Original release date: October 16, 2017

CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC’s VU #228519.


Microsoft Office 0-day headlines Patch Tuesday, update now!

An Office 0-day and a Critical DNS flaw stand out among 61 vulnerabilities patched by Microsoft.


Watch out for these high-pressure Apple malware scams

One site, three different Mac malware scams – just because you’re an Apple user doesn’t mean they’re not out to get you.


IC3 Issues Alert on IoT Devices

10/17/2017 06:56 PM EDT  Original release date: October 17, 2017

In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center (IC3) has issued an alert to individuals and businesses about the security risks involved with the Internet of Things (IoT). IoT refers to the emerging network of devices (e.g., smart TVs, home automation systems) that connect to one another via the Internet, often automatically sending and receiving data. IC3 warns that once a device is compromised, an attacker may take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

US-CERT encourages individuals and businesses to review the IC3 Alert for more information on IoT vulnerabilities and mitigation techniques.


IC3 Issues Alert on DDoS Attacks

10/17/2017 08:39 PM EDT  Original release date: October 17, 2017

The Internet Crime Complaint Center (IC3) has issued an alert on distributed denial-of-service (DDoS)-for-hire services advertised on criminal forums and marketplaces. Using DDoS attacks to prevent legitimate users from accessing websites or information can lead to serious consequences.

US-CERT encourages users and administrators to review the IC3 Alert for more information and US-CERT’s Alert on Heightened DDoS Threat Posed by Mirai and Other Botnets.


 


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.