October 19, 2021

Good morning, everyone!

This week’s critical vulnerabilities: Apple released an update to iOS 15 that fixes a serious problem being exploited already. Don’t wait on this update. Microsoft’s last Patch Tuesday fixed 71 vulnerabilities, including 4 critical zero-days. Microsoft has issued a warning that foreign actors are attacking O365 accounts with password-spraying attacks. Be certain that you are requiring MFA for all users. LibreOffice and OpenOffice have released updates fixing a security issue with signed documents. Dahua cameras are being actively exploited. Patch released ages ago. Update now if you haven’t already. Cisco released patches for multiple critical flaws in Web Security Appliance (WSA), Intersight Virtual Appliance, Small Business 220 switches, and other products. Patch All the Things!

Safe Shopping Online

With the current supply chain issues, I’ve been reading that we need to start Christmas shopping early this year. Oh great. Yesterday, I read an article (”Everyday cybersecurity practices inadequate among many online consumers”) that made me think I should talk about safe online shopping in this week’s newsletter. Ready? Let’s go!

Know where you're shopping. Cyber criminals often set up cloned websites using domain names that are just a letter off the real thing. And they pay for online advertising! Be especially careful of buying something from a store that you've never heard of. Look hard at the website -- does it look professional? does it look like a full-blown e-commerce site or possibly just a front? does the URL match the store name and the name in the ad you saw? Bookmark favorite stores so you can go right there without clicking on a link that may be dicey or misleading.

Check out as a guest. Do you really need one more online account to manage? I know I sure don’t. Unless you honestly expect to keep buying from this online store regularly, don’t bother creating an account.

Pay through an existing online account. If you can pay using PayPal, or Amazon Pay, or some other online payment system where you already have a credit card stored, then use it as often as possible. Don’t put credit card info into one more server if you don’t have to.

Never use a debit card online. Sure, I know the banks tell you that they will cover any losses (for personal accounts, not business accounts!) but even if they do, you will still have the hassle of the cleanup, and possibly some bounced checks before you realize what has happened. Always use a credit card online.

Don’t let them store your card info. Many online stores have a checkbox where you can tell them to store the card info for future use or not. DON’T DO IT. Type that card info in every time. If they don’t save it, they can’t lose it in a data breach.

Use good, strong passphrases. You knew I was going to say that, right? If you do decide to create an account, make sure you put a good, strong passphrase on it . At least 12 characters, a mix of characters, no publicly-available information included in it.

Enable 2FA when available. Sadly, this is not often an option for online stores, but if it is – DO IT!

Keep all your software updated. Cyber criminals hang out on e-commerce servers all the time, waiting for someone with an unpatched device to come along. When you visit a website, your device (phone, tablet, PC, doesn’t matter what) gives a lot of information to the server – your IP address, geographic location, operating system version, browser version, etc. so it’s easy for a pwned server to identify vulnerable shoppers. Don’t be vulnerable! Patch early, patch often.

Online scammers targeting senior citizens

The sad truth is that many senior citizens are sitting ducks for online fraud and identity theft—and that's why it's so crucial to be able to tell when someone is scamming you online.

It’s true. Yahoo News recently posted an excellent article on the subject, identifying the most common scams and how to guard against them. If you have aged friends and friends and relatives with Internet access, I urge you to read this story and share it. Help them understand and recognize these situations. I have personal knowledge of many of these actually happening.

And that’s enough for this week! Happy shopping. 😉

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺