Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

[ View this email in your web browser ] [ Visit our archives ]

December 15, 2020

Good morning, everyone!

This week’s critical vulnerabilities: If your organization uses the SolarWinds Orion IT monitoring platform, disconnect now: Orion update versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, have been tainted with malware and is being actively exploited.

"The campaign is widespread, affecting public and private organizations around the world," FireEye said. "The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals," FireEye added. SolarWinds said it plans to release a new update (2020.2.1 HF 2) on Tuesday, December 15, that "replaces the compromised component and provides several additional security enhancements."

Patch all the things!!



The most common cause of data breaches is misconfiguration of cloud services

Here's an eye-opening prediction:

Gartner predicts through 2025, 99 percent of all cloud security failures will be the customer’s fault

Read more about the shared responsibility model in the Cloud and how you can protect your organizations data and services. See also my past newsletters (07-14-2020 To Cloud, or Not to Cloud? and followups on 08-04-2020 and 11-17-2020 ).

Ransomware continues to plague, with COVID-19 themes prominent

The new Zebrocy Malware is being delivered via phishing emails with COVID-19 themes, and it’s the same old story:

Zebrocy is delivered primarily via phishing attacks that contain decoy Microsoft Office documents with macros as well as executable file attachments.

  • Beware of attachments that are executable files.
  • Disable macros in Microsoft Office documents unless you are POSITIVE they need to run (when in doubt, pick up the phone and call the person who sent you the document).
  • Think before you click!

Short newsletter this week, but I know that everyone is busy getting ready for the holidays. Enjoy, stay safe, don’t overdo things … and we’ll talk again in 2021!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Glenda R. Snodgrass

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

TNE. Cybersecurity. Possible.

Speak with an Expert

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com
Secure Payment Center

The Net Effect, LLC

The Net Effect is a CMMC-AB Registered Provider OrganizationRPO

Copyright 1996-2021 The Net Effect, L.L.C. All rights reserved. Read our privacy policy