Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Today is Veterans Day – Thanks for Your Service

Veteran’s day is a remembrance of all U.S. military veterans – past and present. It is celebrated every November 11th, and has been a federal holiday since 1926.

Protecting Critical Infrastructure from Cyber Threats

10/31/2017 08:14 AM EDT  Original release date: October 31, 2017

Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

US-CERT encourages users and administrators to review the following:

Hacking site hacked by hackers

It sounds funny, but remember: if hackers can be hacked, then so can you, if you aren’t careful

Russia Testing Cyber-war Capabilities in the Ukraine

It appears the Putin regime is using Ukraine as a test best for his “hybrid warfare doctrine.”  Hybrid warfare combines traditional combat with cyber-war attacks against infrastructure, government, and now, even individuals.  Russia’s hybrid attacks against Ukraine have included, but are not limited to:

  • Using social media to shape public opinion among an adversary’s population.
  • Turning commercially available computer software into a tool for espionage and cyberwarfare.
  • Exploiting smartphones to spy on and wage psychological warfare against an adversary’s military forces.
  • Using cyberattacks to undermine an adversary’s electoral process.
  • Using pseudo-news reports to push a propaganda line that sows division within an adversary’s national culture.

All of these tactics have also been used by Russia against the U.S. since Russo-American relations took a nosedive in the fallout over Russia’s military aggression against Ukraine in early 2014.

Fake WhatsApp pulled from Google Play after 1m downloads

If you downloaded Whats App recently, it may be a fake.

Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

11/09/2017 03:19 PM EST Original release date: November 09, 2017

Read WyzGuys article from Wednesday

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT’s Tip on Using Caution with Email Attachments.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.