Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Today is Veterans Day – Thanks for Your Service

Veteran’s day is a remembrance of all U.S. military veterans – past and present. It is celebrated every November 11th, and has been a federal holiday since 1926.

Protecting Critical Infrastructure from Cyber Threats

10/31/2017 08:14 AM EDT  Original release date: October 31, 2017

Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

US-CERT encourages users and administrators to review the following:

Hacking site hacked by hackers

It sounds funny, but remember: if hackers can be hacked, then so can you, if you aren’t careful

Russia Testing Cyber-war Capabilities in the Ukraine

It appears the Putin regime is using Ukraine as a test best for his “hybrid warfare doctrine.”  Hybrid warfare combines traditional combat with cyber-war attacks against infrastructure, government, and now, even individuals.  Russia’s hybrid attacks against Ukraine have included, but are not limited to:

  • Using social media to shape public opinion among an adversary’s population.
  • Turning commercially available computer software into a tool for espionage and cyberwarfare.
  • Exploiting smartphones to spy on and wage psychological warfare against an adversary’s military forces.
  • Using cyberattacks to undermine an adversary’s electoral process.
  • Using pseudo-news reports to push a propaganda line that sows division within an adversary’s national culture.

All of these tactics have also been used by Russia against the U.S. since Russo-American relations took a nosedive in the fallout over Russia’s military aggression against Ukraine in early 2014.

Fake WhatsApp pulled from Google Play after 1m downloads

If you downloaded Whats App recently, it may be a fake.

Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

11/09/2017 03:19 PM EST Original release date: November 09, 2017

Read WyzGuys article from Wednesday

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT’s Tip on Using Caution with Email Attachments.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.