Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Today is Veterans Day – Thanks for Your Service

Veteran’s day is a remembrance of all U.S. military veterans – past and present. It is celebrated every November 11th, and has been a federal holiday since 1926.

Protecting Critical Infrastructure from Cyber Threats

10/31/2017 08:14 AM EDT  Original release date: October 31, 2017

Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

US-CERT encourages users and administrators to review the following:

Hacking site hacked by hackers

It sounds funny, but remember: if hackers can be hacked, then so can you, if you aren’t careful

Russia Testing Cyber-war Capabilities in the Ukraine

It appears the Putin regime is using Ukraine as a test best for his “hybrid warfare doctrine.”  Hybrid warfare combines traditional combat with cyber-war attacks against infrastructure, government, and now, even individuals.  Russia’s hybrid attacks against Ukraine have included, but are not limited to:

  • Using social media to shape public opinion among an adversary’s population.
  • Turning commercially available computer software into a tool for espionage and cyberwarfare.
  • Exploiting smartphones to spy on and wage psychological warfare against an adversary’s military forces.
  • Using cyberattacks to undermine an adversary’s electoral process.
  • Using pseudo-news reports to push a propaganda line that sows division within an adversary’s national culture.

All of these tactics have also been used by Russia against the U.S. since Russo-American relations took a nosedive in the fallout over Russia’s military aggression against Ukraine in early 2014.

Fake WhatsApp pulled from Google Play after 1m downloads

If you downloaded Whats App recently, it may be a fake.

Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

11/09/2017 03:19 PM EST Original release date: November 09, 2017

Read WyzGuys article from Wednesday

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT’s Tip on Using Caution with Email Attachments.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.