Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Serious D-Link router security flaws may never be patched

Six routers with serious security flaws are considered end of life (EOL) and may never be updated.  The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in 2014.

NCSC Releases 2018 Annual Review

10/19/2018 08:13 PM EDT  Original release date: October 19, 2018

The United Kingdom’s (UK) National Cyber Security Centre (NCSC) has released its Annual Review for 2018, which provides a snapshot of their work from September 1, 2017, to August 31, 2018. NCSC provides enhanced services to protect the UK against cybersecurity threats.

NCCIC encourages users and administrators to review NCSC’s 2018 Annual Review for more information.

Using Secure Shell – maybe not secure? libssh Releases Security Updates

10/19/2018 05:43 PM EDT Original release date: October 19, 2018

libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the libssh Security Release for additional information and apply the necessary updates.

Russian trolls messing with elections again

A few weeks ahead of mid-term elections in the US, as social media platforms try to plug leaks that let in waves of meddling and propaganda that soaked the country in 2016, Twitter on Wednesday released all the tweets, images and videos it believes have been planted by “state-backed information operations.”

35 million US voter records up for sale on the dark web

He or she is selling off the databases by state. Kansas’s voter database has already been sold and published, and Oregon is next up for sale.

FBI Releases Article on Defending Against Payroll Phishing Scams

10/16/2018 07:14 PM EDT  Original release date: October 16, 2018

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details.

NCCIC encourages users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of these scams, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

National Cybersecurity Awareness Month: Critical Infrastructure Cybersecurity

10/23/2018 06:38 AM EDT  Original release date: October 23, 2018

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

NCCIC encourages users and administrators to review the following:



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.