Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

National Tax Security Awareness Week: IRS Helps Taxpayers Protect Against Cyber Criminals

11/28/2017 11:10 PM EST  Original release date: November 28, 2017

As part of National Tax Security Awareness Week—November 27 to December 1—the Internal Revenue Service (IRS) is releasing daily security tips to help taxpayers protect their data and identities against tax-related identity theft.

US-CERT encourages taxpayers to visit the IRS National Tax Security Awareness Week 2017 page for daily security guidance, review US-CERT’s Tip on Avoiding Social Engineering and Phishing Attacks, and read the following National Tax Security Awareness Week alerts:

Apple’s MacOS High Sierra has a major security bug, and here is how to fix it

by Seung Lee

A security bug in Apple’s new Mac operating system allows anyone to gain full admin control of a computer without needing to enter a password — possibly even remotely.  Yes, it’s as bad as it sounds.

Thanks to the bug, a user can gain unauthorized access into a Mac running MacOS High Sierra by logging in as “root” for username and clicking on the login button a few times without needing to enter a password. The bug is reportedly not in any other MacOS.

Apple Releases Security Update for macOS High Sierra

11/29/2017 12:10 PM EST  Original release date: November 29, 2017

Apple has released a supplemental security update to address a vulnerability in macOS High Sierra 10.13.1. An attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU#113765 and the Apple security page for macOS High Sierra 10.13.1, and apply the necessary update.

Involved in a data breach? Firefox to test alerts in the browser

The company plans to trial an add-on that will warn users if they appear in Troy Hunt’s Have I Been Pwned? database.

3 simple tips to stay off the hook this phishing season

We’re entering peak retail season, so here are three simple tips to help convince your friends and family to Stop – Think – Connect…

Vulnerability Found In Amazon Key

When Amazon introduced its new $250 Smart Key system a few weeks back, most people were understandably skeptical. The product promises to securely let Amazon delivery folk unlock your front door and place packages inside, with an accompanying camera that tracks every move the deliveryman makes to ensure personal security. But the idea of Amazon delivery personnel gaining access to your home immediately raised all manner of questions among journalists, ranging from obvious questions of personal security to what happens if Amazon lets Fido out by accident.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.