WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

70k minimum wage has been a profound success and failure – two years later

Tech company Gravity Payments instituted a $70 K minimum wage two years ago.  It has long been my personal contention that the drop in real starting wages (against inflation) coupled with crushing student loan debt is keeping millennials out of the housing market and preventing household formation and the economical boost that entails.  Read how it worked for one small company.

Why it’s time to stop calling users “n00bs” and “1d10ts”

We’ve tried blaming users for 30 years, and it hasn’t worked. Here’s a new way – listen to them and get them on your side…

Equifax website hit by malvertising – will the pain never end?

The proverb “it never rains but that it pours” could have been written for Equifax – this time, malvertising.

Wi-Fi Protected Access (WPA) Vulnerabilities

What was secure is not any longer.  There are new vulnerabilities to popular Wi-Fi encryption protocols WPA and WPA2 which affect almost all currently deployed wireless routers and access points.

CERT/CC Reports WPA2 Vulnerabilities

10/16/2017 09:20 AM EDT Original release date: October 16, 2017

CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC’s VU #228519.

Microsoft Office 0-day headlines Patch Tuesday, update now!

An Office 0-day and a Critical DNS flaw stand out among 61 vulnerabilities patched by Microsoft

Watch out for these high-pressure Apple malware scams

One site, three different Mac malware scams – just because you’re an Apple user doesn’t mean they’re not out to get you.

IC3 Issues Alert on IoT Devices

10/17/2017 06:56 PM EDT  Original release date: October 17, 2017

In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center (IC3) has issued an alert to individuals and businesses about the security risks involved with the Internet of Things (IoT). IoT refers to the emerging network of devices (e.g., smart TVs, home automation systems) that connect to one another via the Internet, often automatically sending and receiving data. IC3 warns that once a device is compromised, an attacker may take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

US-CERT encourages individuals and businesses to review the IC3 Alert for more information on IoT vulnerabilities and mitigation techniques.

IC3 Issues Alert on DDoS Attacks

10/17/2017 08:39 PM EDT  Original release date: October 17, 2017

The Internet Crime Complaint Center (IC3) has issued an alert on distributed denial-of-service (DDoS)-for-hire services advertised on criminal forums and marketplaces. Using DDoS attacks to prevent legitimate users from accessing websites or information can lead to serious consequences.

US-CERT encourages users and administrators to review the IC3 Alert for more information and US-CERT’s Alert on Heightened DDoS Threat Posed by Mirai and Other Botnets.