Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Over 75% of Android apps are secretly tracking users

Yale Privacy Lab has discovered hidden trackers in hundreds of popular Android apps that send app manufacturers your location, activity, and other personal info.

Cayla doll too eavesdroppy to put under the Christmas tree, says France

That Bluetooth Cayla doll and i-Que surveillance robot can be taken over by any creep within 9 meters who wants to talk to your kid.

Securing Mobile Devices During Holiday Travel

12/05/2017 04:12 PM EST  Original release date: December 05, 2017

As the holiday season begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.

US-CERT encourages users to review the US-CERT Tips on Holiday Traveling with Personal Internet-Enabled Devices and Cybersecurity for Electronic Devices. The suggested security practices in these tips will help travelers secure their portable devices during the holiday season and throughout the year.

Microsoft Releases Security Updates for its Malware Protection Engine

12/07/2017 05:52 PM EST  Original release date: December 07, 2017

Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft’s Advisory and apply the necessary updates.

NCSC Releases Security Advisory

11/29/2017 05:04 PM EST  Original release date: November 29, 2017

The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory to highlight Neuron and Nautilus tools used alongside Snake—malware that provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats.

The Turla group use a range of tools and techniques, many of which are custom. Using their advanced toolkit, the Turla group compromise networks for the purposes of intelligence collection. The Turla group is known to target government, military, technology, energy and commercial organisations.

The Turla group has operated on targets using a rootkit known as Snake for many years. Like Neuron and Nautilus, Snake provides a platform to steal sensitive data, acts as a gateway for internal network operations and is used to conduct onward attacks against other organisations.

US-CERT encourages users and administrators to review the NCSC advisory for more information.

Apple Releases Security Updates

12/06/2017 05:15 PM EST  Original release date: December 06, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

Google Releases Security Update for Chrome

12/06/2017 05:08 PM EST  Original release date: December 06, 2017

Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.



About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
