Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

National Tax Security Awareness Week: IRS Helps Taxpayers Protect Against Cyber Criminals

11/28/2017 11:10 PM EST  Original release date: November 28, 2017

As part of National Tax Security Awareness Week—November 27 to December 1—the Internal Revenue Service (IRS) is releasing daily security tips to help taxpayers protect their data and identities against tax-related identity theft.

US-CERT encourages taxpayers to visit the IRS National Tax Security Awareness Week 2017 page for daily security guidance, review US-CERT’s Tip on Avoiding Social Engineering and Phishing Attacks, and read the following National Tax Security Awareness Week alerts:

Apple’s MacOS High Sierra has a major security bug, and here is how to fix it

by Seung Lee

A security bug in Apple’s new Mac operating system allows anyone to gain full admin control of a computer without needing to enter a password — possibly even remotely.  Yes, it’s as bad as it sounds.

Thanks to the bug, a user can gain unauthorized access into a Mac running MacOS High Sierra by logging in as “root” for username and clicking on the login button a few times without needing to enter a password. The bug is reportedly not in any other MacOS.

Apple Releases Security Update for macOS High Sierra

11/29/2017 12:10 PM EST  Original release date: November 29, 2017

Apple has released a supplemental security update to address a vulnerability in macOS High Sierra 10.13.1. An attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU#113765 and the Apple security page for macOS High Sierra 10.13.1, and apply the necessary update.

Involved in a data breach? Firefox to test alerts in the browser

The company plans to trial an add-on that will warn users if they appear in Troy Hunt’s Have I Been Pwned? database.

3 simple tips to stay off the hook this phishing season

We’re entering peak retail season, so here are three simple tips to help convince your friends and family to Stop – Think – Connect…

Vulnerability Found In Amazon Key

When Amazon introduced its new $250 Smart Key system a few weeks back, most people were understandably skeptical. The product promises to securely let Amazon delivery folk unlock your front door and place packages inside, with an accompanying camera that tracks every move the deliveryman makes to ensure personal security. But the idea of Amazon delivery personnel gaining access to your home immediately raised all manner of questions among journalists, ranging from obvious questions of personal security to what happens if Amazon lets Fido out by accident.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.