December 8, 2020

Good morning, everyone!

This week’s critical vulnerabilities: Microsoft patched a bug in Xbox Live that could be used to get anyone’s email address. The bug could have been used to harass and dox anyone with a gamertag, a common form of abuse in the gaming community which sometimes has fatal consequences. A serious flaw in older version of Apple’s iOS is the subject of a blog post that’s worth reading. Remember: Patch early, patch often! This flaw was corrected in May. Replace any devices too old to run an operating system version that is still receiving security updates.

FBI warns of email forwarding rules being abused in recent hacks

The FBI recently released a PIN (Private Industry Notification) about a new Business Email Compromise (BEC) scheme used by cyber criminals. The FBI warns if you have webmail enabled on your enterprise systems you should be very careful it is configured correctly, and have a method of tracking all changes to email forwarding rules. Also, you should train your employees in recognizing phishing attacks using domain names that are similar to known sites (typosquatting). Hint: I can help! Security Awareness Training is my thing.

CISA issues warning on holiday scams

The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that cyber threats and holiday-themed scams are expected to increase in the coming weeks. The increased amount of online shopping due to COVID-19 is further increasing the risks. CISA also produced a guide to shopping safely online covering these four points:

• Check your devices (keep the operating system up-to-date, use 2FA whenever possible)
• Only shop through trusted sources (encrypted websites, stay off public wi-fi, check the legitimacy of the site)
• Use safe methods for purchases (credit cards are better than debit cards, check your statements for unauthorized charges)

More detailed info at https://www.cisa.gov/shop-safely.

Cyberattacks surging as COVID19 pandemic continues

Wow: Cyber criminals target the average household 104 times per month, according to Comcast. So you thought that you were safe because you’re just a family at home? Think again. Cyber criminals will attack whomever and wherever they can.

Let me ask you a question: Do you have a car parked outside? Is it locked? Why? Why did you bother? Who would want to steal one car? Or one purse inside a car? Criminals, that’s who! Small crimes can add up to big money, and cyber criminals know this. Basic cyber hygiene can protect you! Read my recent newsletter “ Top Three Ways to Protect Yourself Online – for free!” for more info.

As always, I could talk a lot more about this stuff! Come back next week for the next installment. :)

My Next Work(fromhome)shop

December 15: This online class will introduce you to the basics of the DoD's new Cybersecurity Maturity Model Certification: terminology, timeline, applicability, and basic preparation steps. Participants in this class will have the first chance at signing up for my "deep dive" series on the specifics of achieving Maturity Levels 1-3 coming up in Spring 2021.

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Goes Virtual

Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.

Contact me to schedule your employee training sessions. They're fun! ☺