A quick Saturday digest of cybersecurity news articles from other sources.
Today is Veterans Day – Thanks for Your Service
Veteran’s day is a remembrance of all U.S. military veterans – past and present. It is celebrated every November 11th, and has been a federal holiday since 1926.
Protecting Critical Infrastructure from Cyber Threats
10/31/2017 08:14 AM EDT Original release date: October 31, 2017
Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.
US-CERT encourages users and administrators to review the following:
- Your Part in Protecting Critical Infrastructure,
- Critical Infrastructure Cyber Community Voluntary Program, and
- Critical Infrastructure Sectors.
Hacking site hacked by hackers
It sounds funny, but remember: if hackers can be hacked, then so can you, if you aren’t careful
Russia Testing Cyber-war Capabilities in the Ukraine
It appears the Putin regime is using Ukraine as a test best for his “hybrid warfare doctrine.” Hybrid warfare combines traditional combat with cyber-war attacks against infrastructure, government, and now, even individuals. Russia’s hybrid attacks against Ukraine have included, but are not limited to:
- Using social media to shape public opinion among an adversary’s population.
- Turning commercially available computer software into a tool for espionage and cyberwarfare.
- Exploiting smartphones to spy on and wage psychological warfare against an adversary’s military forces.
- Using cyberattacks to undermine an adversary’s electoral process.
- Using pseudo-news reports to push a propaganda line that sows division within an adversary’s national culture.
All of these tactics have also been used by Russia against the U.S. since Russo-American relations took a nosedive in the fallout over Russia’s military aggression against Ukraine in early 2014.
Fake WhatsApp pulled from Google Play after 1m downloads
If you downloaded Whats App recently, it may be a fake.
Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
11/09/2017 03:19 PM EST Original release date: November 09, 2017
Read WyzGuys article from Wednesday
Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT’s Tip on Using Caution with Email Attachments.
ShareNOV
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com