October 27, 2020
Good morning, everyone!
|This week’s critical vulnerabilities:
If you have Chromium versions of Nano Adblocker or Nano Defender, remove them now.
Oracle has released patches for more than 400 vulnerabilities, Cisco released security fixes for high-severity flaws in Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC). WordPress released a patch for the Loginizer Plugin. Adobe released more patches ahead of their normal schedule, due to criticality.
NSA publishes list of top vulnerabilities currently targeted by Chinese hackers and “urges US public and private sector to apply patches or mitigations to prevent attacks”
Patch all the things!!
Do You Know Your Wares?
We’ve been talking about such serious stuff lately, I decided to have some fun this week! Who wants to learn new vocabulary? So everyone knows what is hardware and software. How about these other "wares":
Firmware is software that’s embedded on hardware. Firmware gives instructions to “smart” devices like wireless routers, phones, printers, and now even kitchen appliances! Firmware can be more difficult to update than software, but it’s important to keep firmware up-to-date on all your devices, as there are often critical security issues in older versions.
Malware is bad software, the kind you don’t want (mal is the latin root for “evil”). Malware includes things like viruses and trojans.
Bloatware is software that comes loaded by default on devices you purchase, and it’s also usually stuff you don’t want! Sometimes it’s harmless junk, but sometimes it’s actually malware. So get in the habit of cleaning that junk off things you buy soon as you can.
Adware is software that serves up advertisements to you without asking for your permission. One common form is a new toolbar that installed itself into your browser. It is also embedded with shopping and coupon applications. Adware can also be a vector for malware infections, depending on the intent (or competence!) of the author & distributor.
Spyware was originally software that tracks you online and sometimes even steal your login credentials. This stolen data is then sold to third parties. New forms of spyware, though, may be seemingly-innocuous plugins like Facebook UnfriendAlert and sometimes are actual commercial applications that people use to spy on former spouses and even their children. This spyware is also embedded in “smart” toys like Hello Barbie.
Trialware is software that’s free for some period of time, and then bugs you to buy it after the trial period is over. Sometimes trialware is also used as a malware delivery vehicle, so use caution when trying something out for free.
Nagware is software that says it’s free, but then constantly asks you to buy a license or upgrade to the “pro” version. Again, be very cautious about installing any "free" software on your devices, as you may be paying for it later!
Scareware is software that scares you with fake warnings, trying to trick you into doing something that will profit someone else at your expense. Common forms are popups that warn you have a virus and need to download this tool right now to clean it up (either you have to pay for the tool, or it’s actually malware), or a popup that the FBI has caught you watching porn and is demanding a $300 fine (yes people actually fall for these things), or a popup that your computer is running slow and needs a fix from tech support, and they will take your credit card info and charge you for their help.
Crapware is any and all of the above, also knows as PUPs (potentially unwanted programs). Often PUPs aren’t actually dangerous or even malicious – things like McAfee Security Scan Plus and Amazon Assistant are valid applications that serve their corporate masters – but what’s irritating is that they are often installed without you realizing it, typically bundled with software you really do want.
Ransomware is of course the scariest “ware” of them all! Ransomware is a type of malware that “kidnaps” your data and demands a ransom in exchange for its return. There are basically two types: locker and crypto. Locker ransomware is the earliest form, where the malware locks up your computer and demands a ransom to unlock it. This type isn’t terribly harmful, as it’s usually easy to boot the computer off an external drive and remove the locker ransomware. Crypto ransomware is much more dangerous, however, as you typically need a key (from the cybercriminals) to decrypt your data. And sometimes there’s a bug in the program and the key won't work (rolling eyes).
What’s the best defense against ransomware? We learned this last week, remember? Anyone? Anyone? Bueller? PREVENTION and GOOD BACKUPS!!!!
November 10: Ethical Duties: How Technology is Undermining Attorney-Client Confidentiality (1 hr ethics CLE)
December 3: Ethical Duties: Practical Strategies for Safeguarding Client Information (1 hr ethics CLE)
Security Awareness Training Goes Virtual
Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.
Contact me to schedule your employee training sessions. They're fun! ☺
Talk to you again soon!