December, 2018:

Some EXCELLENT U-Tube videos links below

Adobe also has critical Reader and Flash updates this month & users should promptly get up-to-date (esp. as prompted by automated update notices)

Adobe December 2018 Security Update Fixes Reader, Acrobat

https://helpx.adobe.com/security/products/acrobat/apsb18-41.html

Adobe has patched 87 vulnerabilities for Acrobat and Reader in its December Patch Tuesday update, including a slew of critical flaws that would allow arbitrary code-execution.  The scheduled update comes less than a week after Adobe released several out-of-band fixes for Flash Player, including a critical vulnerability (CVE-2018-15982) that it said is being exploited in the wild. That’s a use-after-free flaw enabling arbitrary code-execution in Flash.

2019: The Year Ahead in Cybersecurity

What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.  2018 may have been filled with cybersecurity incidents, but the infosec community is gearing up for what the New Year will bring. From emerging cyber-threat attacks surfaces, new APT groups, and more regulations around data privacy, 2019 is set to be another big year in the cybersecurity space. Here are the top cybersecurity trends to look out for in 2019.

1. More Spectre-Like Flaws
2. Sophisticated IoT Attacks
3. Ransomware is Back
4. Operational Technology and IT Converge
5. Faster Patching 
6. Insecure Biometrics
7. Supply Chain Attacks
8. Privacy Legislation
9. GDPR Impact
10. Apache Struts Flaws

https://www.pcmag.com/news/365641/samsungs-2019-smart-tvs-include-remote-access

Remote Access is Samsung’s way of referring to enhanced wireless connectivity. If you want to easily connect a keyboard, tablet, laptop, PC, or smartphone to your TV, a 2019 Samsung TV with Remote Access is for you.

As we head into the new year, manufacturers are preparing to launch new gadgets to entice us to part with our money. When it comes to choosing the best television, it’s getting quite hard to differentiate seeing as all new TVs now offer 4K visuals while being thin enough to fit on even the slimmest of media centers. So for 2019, Samsung is focusing on connectivity with a feature called Remote Access.

Samsung’s Smart TV range for 2019 will ship with Remote Access, which is basically enhanced wireless connectivity. It means that connecting any device to your Samsung TV should be easier, be that a keyboard, tablet, smartphone, or laptop. As long as the programs and apps you want to use on your TV are compatible, it should be possible to control them wirelessly with any of those devices.

https://www.howtogeek.com/fyi/how-to-control-a-chrome-extensions-permissions/

Google promised control of each Chrome extension’s permissions back in October, and that long-promised feature finally arrived near the end of December. Extensions no longer require “all your data on the websites you visit.”    You won’t see any sort of prompt when installing an extension. If that extension asks to “Read and change all your data on the websites you visit,” all you can do is agree and click “Add Extension.” But, after the extension is installed, you can now revoke that permission.

Talos Security summarizes top attacks during 2018

https://blog.talosintelligence.com/2018/12/year-in-malware-2018-most-prominent.html

It was easy to see a wild year coming in cybersecurity. It started with a bang, with Olympic Destroyer targeting the Winter Olympics in February in an attempt to disrupt the opening ceremonies. Things only got crazier from there, with cryptocurrency miners popping up everywhere, and VPNFilter taking the world by storm over the summer. There was never a shortage of cybersecurity news this year, and Talos was there to dissect all of it.

As the year wraps up, here’s a look back on the most prominent malware we discovered and the major trends we saw — some of which we expect to continue into 2019. Take a look below for our malware Year in Review, as well as a timeline of the major attacks Talos discovered this year.

EXCELLENT SUMMARY OF EACH MONTH IN SUMMARY LINK BELOW

https://2.bp.blogspot.com/-bnhEqprhB0A/XBzydGuC-bI/AAAAAAAAE-Q/RYawGggErAgoZtBHuGJ-ajU3nCnhx0xgwCLcBGAs/s1600/Artboard%2B1.png

For new devices received over the holidays, below are some Best Practices for setup and security

https://www.usatoday.com/story/tech/columnist/2018/12/28/new-tech-device-how-set-up-gadget-you-got-gift-like-pro/2432228002/

You got the shiny new gadget you’ve been wanting, now what?  If you set it up the right way, you might wonder how you ever lived without it. But set it up wrong and you could open yourself up to all kinds of headaches and security issues. From unboxing to troubleshooting issues that crop up and upcycling your old gadgets, using your new piece of tech may not be as simple as opening the package and heading out the door, at least not right away.

Here are a few pro tips and tricks to get you up and running in no time.

1. Unboxing basics
2. Troubleshooting
3. Hire Help for complex needs
4. Back it up
5. Lock it down
6. Missed connections
7. Recycle Old tech devices

http://www.chicagotribune.com/business/ct-biz-tribune-publishing-malware-20181230-story.html

The Chicago Tribune and other Tribune Publishing newspapers on Sunday continued to experience issues associated with a malware attack, and some content likely will be missing from Monday’s papers, the Chicago-based company said.  Sunday print editions were delivered in its markets across the U.S. but did not contain classified ads and some paid death notices, which share a common system disrupted by the malware, the Chicago-based company said Sunday.

A source familiar with the investigation said the malware has been identified as Ryuk ransomware, which was highlighted as a threat associated with overseas hackers in an August government cybersecurity report. There was no ransom demand made, the source said.   All Tribune Publishing newspapers were impacted by the malware, with the South Florida Sun Sentinel among those unable to produce its paper in time for Saturday delivery. Those newspapers were delivered on Sunday, the company said.

USA Today shares key tips and advice in switching to streaming media services if desired for the coming year.

https://www.usatoday.com/story/tech/talkingtech/2018/12/27/what-you-need-cutting-cord-tips/2389501002/

Perhaps your New Year’s resolution goes like this: Stop sending hundreds of dollars monthly to cable and satellite companies in 2019. Cut the cord and save. It makes sense, as there is so much entertainment available via online streaming services such as Netflix and Amazon Prime that can be viewed on smart TVs or via a streaming device that connects to your (nonsmart) TV.

Is cutting the cord part of your New Year’s Resolution? Here’s what you need to know

1. Antenna — In most of the country, you don’t need cable to bring in the broadcast TV networks and local channels. In many instances, an antenna, like the kind of we used to use back in the rabbit ears days, will do just fine. Antennas have gotten stronger over the years, and many come with a preamp that boosts the signal. We recently tried the basic $19.99 model, from Amazon’s house brand, and it more than did the job, bringing in channels clearly and quickly.

2. Streaming devices — you’ll need either a “smart” TV, which has services such as Netflix and Amazon built in, or an accessory streaming player, which connects to the HDMI port of your TV and your Wi-Fi to bring the apps to your TV.

3. Entertainment services — Netflix is the big kahuna of online entertainment, with nearly 150 million subscribers. Meanwhile, for 2019, the Walt Disney Co. is yanking movie titles from Netflix and launching a new service, Disney +, that will feature new versions of “Star Wars,” “Monsters, Inc.” and “High School Musical.” Apple is also expected to launch its new, unnamed entertainment service in 2019. New series from Steven Spielberg, Oprah

4. Cable Alternatives — YouTube TV, Hulu, DirecTV, Sling and Sony all offer full-featured cable TV alternatives that you pick up via their apps. With the cable alternatives, you get the ability to watch on your TV, computer, phone or tablet; start a show on one device, and finish it elsewhere. All offer some form of DVR service, which automatically records shows once you request it and lets you play it back later, usually without commercials.

US CERT shares best practices for new devices that may have been received as holiday gifts.  Users should search vendor’s website.  Also, U-Tube often has some great FREE instructional videos on best ways to setup new devices on step-by-step basis)

https://www.us-cert.gov/ncas/current-activity/2018/12/28/Securing-New-Devices

During the holidays, internet-connected devices also known as Internet of Things (IoT) are often popular gifts—such as smart TVs, watches, toys, phones, and tablets. This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information, and the security of these devices, is not always guaranteed.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), recommends these important steps you should consider to make your Internet of Things more secure:

1. Use strong passwords — Passwords are a common form of authentication and are often the only barrier between you and your personal information. Some internet-enabled devices are configured with default passwords to simplify setup. These default passwords are easily found online, so they don’t provide any protection.

2. Evaluate your device security settings — Most devices offer a variety of features that you can tailor to meet your needs and requirements. It is important to examine the settings, particularly security settings, and select options that meet your needs without putting you at increased risk.

3. Ensure you have up-to-date software — Make sure to apply relevant patches as soon as possible to protect your devices.

4. Connect carefully — Once your device is connected to the internet, it’s also connected to millions of other computers, which could allow attackers access to your device. Consider whether continuous connectivity to the internet is needed.