A quick Saturday digest of cybersecurity news articles from other sources.
20 Worst Passwords of 2017
Nearly identical to last year’s list. Some people never learn. If you are using any of these passwords, please change them now!
Announcing the Free Cyber Security for Beginners Course
Build your online security skills for free with this practical course from Heimdal Security.
Microsoft Word slams the door on DDEAUTO malware attacks
Remember how Microsoft said that DDEAUTO was a “feature”, not a vulnerability? Well, it just changed its mind – for Word, at least. See our previous post.
Apple slows down old iPhones, study suggests
Is Apple slowing down old iPhones? It’s a question that comes up again and again because iPhone batteries aren’t easy to replace, and a new report from a popular benchmarking app suggests the answer is yes.
Apple admits to slowing iPhones, you’re not imagining it
Apple has quietly been suppressing the CPU speed of older iPhones to stop their batteries randomly shutting off
North Korean Malicious Cyber Activity
12/21/2017 10:45 AM EST Original release date: December 21, 2017
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as BANKSHOT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
US-CERT encourages users and administrators to review Malware Analysis Report (MAR) 10135536-B and the US-CERT page on HIDDEN COBRA – North Korean Malicious Cyber Activity for more information.
Data on 123 million US households exposed
If you’re a US householder, a humongous trove of your personal data was available on an easily-accessible file. And no, this is not Equifax, this is another stupid marketing company.
Intel chips have a security hole
Everybody and their uncle has written about this issue, so I won’t be. This is an enormous and serious issue that can only be fixed by replacing nearly every Intel CPU in every device that has been deployed in the last 5-10 years. Software patches that will partially remediate the issue are available. Install them now. For more detailed information see the following articles posted elsewhere.
- TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance
- Meltdown and Spectre Side-Channel Vulnerabilities
- The Meltdown and Spectre CPU Bugs, Explained
- Naked Security – Intel Chip Flaws
- MS-ISAC CYBERSECURITY ADVISORY – Critical Patches Issued for Microsoft Products, January 03, 2018 – PATCH: NOW
- TechRepublic – Intel Chips Have Critical Design Flaw
JAN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com