Here is a Blog from Microsoft about changes to Windows 10 1809.

Features we removed in this release

We’re removing the following features and functionalities from the
installed product image in Windows 10, version 1809. Applications or
code that depend on these features won’t function in this release unless
you use an alternate method.

Features we’re no longer developing

We’re no longer actively developing these features and may remove
them from a future update. Some features have been replaced with other
features or functionality, while others are now available from different
sources.

If you have feedback about the proposed replacement of any of these features, you can use the Feedback Hub app.

NIST invites
comments on Draft Special Publication (SP) 800-179 Revision 1, Guide to Securing macOS 10.12 Systems
for IT Professionals: A NIST Security Configuration Checklist. This
publication assists IT professionals in securing macOS 10.12 desktop and laptop
systems within various environments. It provides detailed information about the
security features of macOS 10.12 and security configuration guidelines. The
publication recommends and explains tested, secure settings with the objective
of simplifying the administrative burden of improving the security of macOS
10.12 systems in three types of environments: standalone, managed, and
specialized security-limited functionality.

A public comment period for this document is open until November 16, 2018.
We strongly encourage you to use the comment template for submitting your
comments.

CSRC Update:
https://csrc.nist.gov/news/2018/nist-releases-draft-sp-800-179-rev-1-for-comment

Publication Details:
https://csrc.nist.gov/publications/details/sp/800-179/rev-1/draft

For the past four years, thousands of servers may have been subject to an  extremely simple authentication bypass vulnerability. CVE-2018-10933 affects libssh versions since 0.6.0, an implementation library for Secure Shell (SSH) that was released in 2014. It is limited only to certain implementations of SSH and does not affect the widely-used OpenSSH. 
Still, all the attacker has to do is send the server the message SSH2_MSG_USERAUTH_SUCCESS” instead of “SSH2_MSG_USERAUTH_REQUEST” and they have full access. Experts are saying that the overall impact is small, given that OpenSSH is not impacted and a libssh patch has already been released. So how many systems are actually at risk? A quick Shodan search by one researcher returned 6,351 servers just by looking for “libssh”. Another researcher added port 22 to the search, bringing the number down to 3,004. But this doesn’t tell us how many systems are running vulnerable versions of of libssh. And really, pinning down an accurate number is not easy. Shodan doesn’t cover everything that’s out there and what’s out on the internet can change in the blink of an eye. 

Advanced Persistent Threats (APT) are being recognized as one of the biggest cyber threats in the industry today. There are many groups globally behind the numerous attacks of this type in recent history. Three major cyber incidents that garnered global attention were the BlackEnergy power grid attack, the Industroyer power grid attack, and the NotPetya malware outbreak. However, what if the same APT group was behind all three of these attacks?
The BlackEnergy attack caused blackouts in the Ukranian power grid in December 2015. Industroyer, also known as CrashOverride, also attacked the Ukranian power grid in December 2016 and is the first case of malware designed to specifically target a power grid. After the BlackEnergy attack, the group behind it (also called BlackEnergy) became known as TeleBots and carried out attacks against the Ukranian financial sector, eventually culminating in the outbreak of the NotPetya malware. There was speculation in the cybersecurity community that the BlackEnergy and Industroyer attacks were both perpetrated by the TeleBots group but no evidence to support these claims. However, the discovery of another TeleBots malware, Exramel, by the ESET security group in April 2018 provided the missing link.
Exramel uses a backdoor that appears to be an upgraded version of the backdoor used by Industroyer. There are many similarities in the code, especially the list of available commands it can receive from its Command and Control (C&C) servers and the way each handles reporting and redirecting output streams. Each backdoor also disguises itself as an antivirus service for detection avoidance and groups targets based on their security solutions being used. The similarity between the two led the ESET researchers to conclude that it is unlikely to be a case of coincidental code sharing between threat actors.
Linking TeleBots to Industroyer shows just how much of a threat the group can pose, being the single entity behind three of the most groundbreaking and devastating cyberattacks in history. In addition, the recent claims from multiple governments that Russian military intelligence groups are behind TeleBots throws even more intrigue into the mix and leaves a daunting question: what could TeleBots be up to next?
Sources:

 https://threatpost.com/notpetya-linked-to-industroyer-attack-on-ukraineenergy-grid/138287/
 https://www.zdnet.com/article/security-researchers-find-solid-evidencelinking-industroyer-to-notpetya/
https://www.welivesecurity.com/2018/10/11/new-telebots-backdoorlinking-industroyer-notpetya/ 

Important Updates

The 2018 NY Metro Joint Cyber Security WEBINAR will take place on Thursday October 18^th.
NYMJCSC is now in its fifth year; featuring keynotes, panels and
sessions aimed at various aspects of information security and
technology.

This year will feature a webinar format allowing NYMJCSC to reach and educate a broader audience.

To register please go here

Time Slot	Topic	Speaker
2:00 – 2:40	Behavior-based Internal Controls that Prevent Ransomware, Employee Theft, and Denial of Service attacks		Jeffrey Wagar Past President, ISACA New Orleans Chapter
2:45 – 3:25	Cyber Risk: It’s All About People		Alan Brill CISSP, CFE, CIPP/US, FAAFS Senior Managing Director, Cyber Risk, North America, Kroll (a division of Duff & Phelps)
3:30 – 4:10	Cyber Dogfighting: Hacker Decision-Making and the Korean Air War		Mathew J. Heath Van Horn Assistant Professor, SUNY Delhi School of Business
4:15 – 4:55	Assessing Legal and Contractual Risk and Uncertainty with Bug Bounty Programs, Vulnerability Disclosures and Information Sharing		Mark H. Francis Partner – Tech & Data, Holland & Knight
4:50 – 5:30	“Not If but When?” – Leveraging AI to Jettison Mantras of the Past: How AI will Liberate Security of the Future		John McClurg VP & Ambassador-At-Large, Cylance

This new app from NYC

• Alerts you to unsecure Wi-Fi networks, unsafe apps in Android, system tampering & mor
• Helps you protect your phone and your privacy
• $0 to download, $0 to use, no in-app purchases, no ads

How does the app help protect me?

• Device alerts—These alerts warn you about settings or activity that could potentially put your device at risk.
• Network alerts—These alerts warn you about potentially compromised networks you are connected to
• .App alerts (Android only)—These alerts warn you when issues arise on apps you have installed that could compromise your device’s security.

f you haven’t frozen your credit reports yet, this could be your moment.

Under the Economic Growth, Regulatory Relief, and Consumer Protection Act, freezing your credit at all three major credit bureaus — Equifax(1-800-525-6285),

Experian (1-800-397-3742)  and TransUnion (
1-800-680-7289). Now is for free, previously, states set prices for credit freezes, which typically cost
about $10.
Other links of importance

Another tool you might want to look at is  Lock & Alert 

Equifax offers a Lock & Alert service allows you to lock and
unlock your Equifax credit report for free, online or with the Equifax Lock
& Alert app. By locking your credit report, you can restrict access to it by third
parties, with certain exceptions. These exceptions, for instance, may include
lenders and creditors where you have existing accounts. Federal, state and
local government agencies are also exceptions.
Locking your Equifax credit file will prevent access to it by certain
third parties. Locking your Equifax credit file will not prevent access to your
credit file at any other credit reporting agency. Entities that may still have
access to your Equifax credit file include: companies like Equifax Global
Consumer Solutions which provide you with access to your credit report or
credit score, or monitor your credit file; federal, state, and local government
agencies; companies reviewing your application for employment; companies that
have a current account or relationship with you, and collection agencies acting
on behalf of those whom you owe; for fraud detection purposes; and companies
that wish to make pre-approved offers of credit or insurance to you. To opt out
of such pre-approved offers, visit www.optoutprescreen.com.

As a public Service announcement I am copy and posting this on my blog. The original content comes form CENTER FOR CYBER SAFETY AND EDUCATION,