Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

 Over 75% of Android apps are secretly tracking users

Yale Privacy Lab has discovered hidden trackers in hundreds of popular Android apps that send app manufacturers your location, activity, and other personal info.

Cayla doll too eavesdroppy to put under the Christmas tree, says France

That Bluetooth Cayla doll and i-Que surveillance robot can be taken over by any creep within 9 meters who wants to talk to your kid.

Securing Mobile Devices During Holiday Travel

12/05/2017 04:12 PM EST  Original release date: December 05, 2017

As the holiday season begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.

US-CERT encourages users to review the US-CERT Tips on Holiday Traveling with Personal Internet-Enabled Devices and Cybersecurity for Electronic Devices. The suggested security practices in these tips will help travelers secure their portable devices during the holiday season and throughout the year.

Microsoft Releases Security Updates for its Malware Protection Engine

12/07/2017 05:52 PM EST  Original release date: December 07, 2017

Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft’s Advisory and apply the necessary updates.

NCSC Releases Security Advisory

11/29/2017 05:04 PM EST  Original release date: November 29, 2017

The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory to highlight Neuron and Nautilus tools used alongside Snake—malware that provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats.

The Turla group use a range of tools and techniques, many of which are custom. Using
their advanced toolkit, the Turla group compromise networks for the purposes of
intelligence collection. The Turla group is known to target government, military,
technology, energy and commercial organisations.

The Turla group has operated on targets using a rootkit known as Snake for many
years. Like Neuron and Nautilus, Snake provides a platform to steal sensitive data,
acts as a gateway for internal network operations and is used to conduct onward
attacks against other organisations.

US-CERT encourages users and administrators to review the NCSC advisory for more information.

Apple Releases Security Updates

12/06/2017 05:15 PM EST  Original release date: December 06, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

Google Releases Security Update for Chrome

12/06/2017 05:08 PM EST  Original release date: December 06, 2017

Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.