June 1, 2021

Good morning, everyone!

This week’s critical vulnerabilities: VMWare has released updates for critical remote code execution hole in vCenter Google has released Chrome 91 with 32 security fixes, including at least 8 high severity issues Trend Micro’s Home Network Security Station has an update available with multiple critical security fixes. Another WordPress plugin needs updating: Simple 301 Redirects by BetterLinks Patch All the Things!

Last week I received an email from a faithful reader asking a really good question:

You put out these notices, which is really good, but I have no idea what to do. For instance, I have Adobe and use it many times every day. Should I be doing something to apply the patch?

So, let’s talk about that this week! First, the easiest thing to do is turn on automatic updates. Ten years ago, we recommended NOT turning on auto-update because it tended to break applications on a regular basis. Today, however, the security implications of running unsupported software are so much more dangerous than the potential of breaking an app or two. So go ahead, turn on auto-updates. Remember, this is literally the number one most important, easiest, and free! step to take in securing your devices. If you are running software on your device with a known security vulnerability, you are cruising around the Internet with a target on your back. Seriously. This applies not only to the operating system, but also all the apps on your device.

Mobile Devices

I consider auto-update a no-brainer for mobile devices. It’s okay to implement a bit of control, for example by enabling automatic download with notification but allowing you to choose when to actually install (so it doesn’t happen at some inconvenient time) but don’t keep putting it off:

For Apple devices, you can control iOS updates and app updates using these simple steps.

Because of the diversity of Android devices available, there isn’t a one-stop place to get OS updates. Google releases patches to the base OS, but it’s up to the manufacturers to apply those patches to their versions of the OS and make those available to users. Follow these instructions from Google to check for updates, Apps in the Google Play Store should automatically update unless you turn that off. You can see how to turn on auto-update on Samsung, LG and HTC.

Windows PCs

Tech Advisor has a good reference with detailed instructions and a bit of background.

Macs

For MacOs, you can choose to Automatically keep my Mac up to date.

Desktop Applications

For desktop applications, whether on PC or Mac, there are a few standard places to look:

“Help → About” used to be the standard location for another link to “check for updates” – and typically this will pop up a box with an option to check “Keep my software up to date” or something similar. Nowadays, this option is often found under Tools, Preferences and/or Options. Because nobody likes a standard. At least software developers don’t. (Old joke in the software development world: "The nice thing about standards is that there are so many to choose from!")

For a few specific, very popular apps:

• Adobe Reader & Acrobat
• Java tends to be a bit more complicated, and I recommend not having it installed at all unless (1) you actually need it and (2) you keep it updated.
• QuickBooks and Quicken
• Zoom, GoToMeeting and Webex
• Slack
• Box and Dropbox

I hope this is enough to get you going. From these links, you should be able to update anything you have. Go forth and Patch All the Things!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Goes Live Again!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Thankfully, live training is making a comeback! So wherever you and your employees may be, I can deliver a fun and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺