Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

BlueBorne Bluetooth Vulnerabilities

09/12/2017 05:26 PM EDT  Original release date: September 12, 2017

US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices.

US-CERT recommends that users and administrators read Vulnerability Note VU#240311 for more information.

Analysis of new NIST password guidance

Too many people are giddy about getting the green light for easier passwords, but aren’t reading the fine print.

Bitcoin A Fraud?

JPMorgan CEO Jamie Dimon calls bitcoin — which is at more than $4,100 right now — a fraud, says it’s “worse than tulip bulbs.” (Reuters)

Apple Releases Security Updates

09/19/2017 04:56 PM EDT  Original release date: September 19, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Apple security pages and apply the necessary updates:

WordPress Releases Security Update

09/20/2017 08:50 AM EDT Original release date: September 20, 2017

WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2.

Experian Site Can Give Anyone Your Credit Freeze PIN

NOT Experian! This time Equifax! Am I the only one who thinks that Equifax and TransUnion are both probably as poorly secured as Equifax? Have we forgotten the flood of retail breaches that followed hard on the Target Christmas breach? Why should this time be different?

‘Smart’ Hospital IV Pump Vulnerable To Remote Hack Attack

More “Internet of Vulnerable Medical Things” from TechDirt – security researchers have discovered eight vulnerabilities in a syringe infusion pump used by hospitals to help administer medication to patients intravenously.

WordPress 4.8.2 is out, update your website now

WordPress 4.8.2 is out, featuring nine security fixes website owners will want to apply, well, now.

All told, there have been six updates this year featuring security fixes, including January’s silent patch for a nasty zero day, this being the first since May’s v4.7.5.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
