Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect


April 27, 2021

Good morning, everyone!

Sometimes I have a particular theme I want to talk about in this newsletter, and sometimes my head is just full of random concerns from all the news of the week. Guess what kind of week this is?

This week’s critical vulnerabilities:


Ransomware Fallout

Yet another reminder that you do NOT want to be the victim of ransomware. Quanta Computer, manufacturer of laptops for the likes of Apple, HP, Alienware, Dell, Lenovo, Cisco and Microsoft, recently suffered a data breach in the course of a ransomware attack. The ransomware group REvil claims they stole blueprints for Apple’s latest products, and have demanded a $50M ransom. In the early days of ransomware, the bad guys just encrypted your data. Now they often steal a copy of their own before encrypting your copy. The legal fallout from this is expected to be significant.

Last week, the US Justice Department convened the Ransomware and Digital Extortion Task Force:

The Task Force will bring all of the Department's resources to bear to bolster our all-tools approach and work with our partners here and abroad to combat the threat of ransomware and digital extortion, and to ensure that we hold those who participate in the propagation of these crimes responsible and accountable

Let’s hope it helps.

Preparing for the Next SolarWinds Event

The Health Information Sharing and Analysis Center (H-ISAC) has published a new report, Preparing for the Next “SolarWinds” Event. While directed at healthcare institutions, the recommendations apply to any organization:

Simply put, the best ways to mitigate the next SolarWinds-level incident are having vulnerability awareness, applying proper patch application and management, implementing least privilege access, deploying Privileged User Monitoring & Access Control functions, and having access to reputable threat intelligence.

The report has a nice history of recent large attacks and how they unfolded. It’s an interesting read, and especially timely given the Passwordstate and Codecov attacks referenced above. Apparently software supply chain attacks are the new hotness in the world of cybercrime.

FLoC is a FLoP

While Google has been touting its new Federated Learning of Cohorts (FLoC) ad tracking technology as a “privacy enhancement” initiative, all major browsers are refusing to integrate it:

“The worst aspect of FLoC is that it materially harms user privacy, under the guise of being privacy-friendly.”

Chrome users can opt out of FLoC either by going to Settings -> Privacy and Security -> Cookies and Other Site Data and selecting “Block third-party cookies” or by installing the DuckDuckGo extension for Chrome. If you are concerned about privacy (and I hope you are!), it’s a good idea to clear cookies and cache in your browser on a regular basis (I do this every time I log out of a website, at a minimum).

Whew! I think that's enough for this week.

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass

grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com

Security Awareness Training Goes Virtual

Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.

Contact me to schedule your employee training sessions. They're fun! ☺
