Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

20 Worst Passwords of 2017

Nearly identical to last year’s list.  Some people never learn.  If you are using any of these passwords, please change them now!

Announcing the Free Cyber Security for Beginners Course

Build your online security skills for free with this practical course from Heimdal Security.

Microsoft Word slams the door on DDEAUTO malware attacks

Remember how Microsoft said that DDEAUTO was a “feature”, not a vulnerability? Well, it just changed its mind – for Word, at least.  See our previous post.

Apple slows down old iPhones, study suggests

Is Apple slowing down old iPhones?  It’s a question that comes up again and again because iPhone batteries aren’t easy to replace, and a new report from a popular benchmarking app suggests the answer is yes.

Apple admits to slowing iPhones, you’re not imagining it

Apple has quietly been suppressing the CPU speed of older iPhones to stop their batteries randomly shutting off

North Korean Malicious Cyber Activity

12/21/2017 10:45 AM EST Original release date: December 21, 2017

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as BANKSHOT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US-CERT encourages users and administrators to review Malware Analysis Report (MAR) 10135536-B and the US-CERT page on HIDDEN COBRA – North Korean Malicious Cyber Activity for more information.

Data on 123 million US households exposed

If you’re a US householder, a humongous trove of your personal data was available on an easily-accessible file.  And no, this is not Equifax, this is another stupid marketing company.

Intel chips have a security hole

Everybody and their uncle has written about this issue, so I won’t be.  This is an enormous and serious issue that can only be fixed by replacing nearly every Intel CPU in every device that has been deployed in the last 5-10 years.  Software patches that will partially remediate the issue are available.  Install them now.  For more detailed information see the following articles posted elsewhere.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.