Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Over 75% of Android apps are secretly tracking users

Yale Privacy Lab has discovered hidden trackers in hundreds of popular Android apps that send app manufacturers your location, activity, and other personal info.

Cayla doll too eavesdroppy to put under the Christmas tree, says France

That Bluetooth Cayla doll and i-Que surveillance robot can be taken over by any creep within 9 meters who wants to talk to your kid.

Securing Mobile Devices During Holiday Travel

12/05/2017 04:12 PM EST  Original release date: December 05, 2017

As the holiday season begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.

US-CERT encourages users to review the US-CERT Tips on Holiday Traveling with Personal Internet-Enabled Devices and Cybersecurity for Electronic Devices. The suggested security practices in these tips will help travelers secure their portable devices during the holiday season and throughout the year.

Microsoft Releases Security Updates for its Malware Protection Engine

12/07/2017 05:52 PM EST  Original release date: December 07, 2017

Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft’s Advisory and apply the necessary updates.

NCSC Releases Security Advisory

11/29/2017 05:04 PM EST  Original release date: November 29, 2017

The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory to highlight Neuron and Nautilus tools used alongside Snake—malware that provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats.

The Turla group use a range of tools and techniques, many of which are custom. Using their advanced toolkit, the Turla group compromise networks for the purposes of intelligence collection. The Turla group is known to target government, military, technology, energy and commercial organisations.

The Turla group has operated on targets using a rootkit known as Snake for many years. Like Neuron and Nautilus, Snake provides a platform to steal sensitive data, acts as a gateway for internal network operations and is used to conduct onward attacks against other organisations.

US-CERT encourages users and administrators to review the NCSC advisory for more information.

Apple Releases Security Updates

12/06/2017 05:15 PM EST  Original release date: December 06, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

Google Releases Security Update for Chrome

12/06/2017 05:08 PM EST  Original release date: December 06, 2017

Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.



About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
