The NCSC weekly threat report has covered the following:
A ‘Key Negotiation of Bluetooth’ vulnerability.
This potentially allows attackers to affect the length of encryption keys, even reducing them down to a single digit. That makes fraudulent access to connected devices much easier and could result in someone monitoring your keystrokes or accessing your address books or other sensitive data.
The NCSC would always advise patching with the latest updates, but there are also some useful links from companies that have released updates mitigating this vulnerability.
· Microsoft: Windows
· Apple: macOS, iOS and watchOS
· Google: Android
· Cisco: IP phones and Webex
· BlackBerry: powered by Android phones
Python 2 and 3.
Python 2 is going out of support (i.e. no more security updates or bug fixes, with an associated increase in vulnerabilities) with effect from 1st January 2020. You have 4 months to port your code to Python 3.
NCSC’s Rich M has this week blogged about this very subject.
Extra 5 Minutes?
Here is a short BBC News Focus programme on a ransomware called LockerGoga and a Norwegian aluminium plant that has a running bill of £45m to RECOVER from a ransomware attack and is still operating in a reversionary mode (paper). Note the cyber advisory company using coloured chalk and a blackboard (a real one, not the VLE).