April 12, 2022
Good morning, everyone!
The latest critical vulnerabilities:
Are WordPress sites the Mosquitoes of the Internet?
"Of the phishing sites that used a CMS, 46% of those used WordPress"[link]
Anytime you get an email asking you to click on a link with "wordpress" in the URL, stop and think HARD before you click! Ask yourself, "Do I really need to click on this link? Is there some other way to get this information? Should I call the sender of the email and verify its legitimacy before clicking on this link?” (HINT: the answer to the latter is “yes”)
More lessons learned from the SolarWinds breach
Last week SolarWinds lost a bid to throw out a data breach lawsuit, with three important points made by the Court:
1. While organizations must have fundamental security measures in place, it is also important that an organization have a security culture, that employees understand that this "security mindset," and have a real awareness of the Company's efforts around security. [...]
2. Organizations should ensure that their public statements related to security are accurate, not misleading, and regularly updated in response to relevant events. [...]
3. It is important for boards and management to heed the advice of their own security advisors. [...]
PCI DSS 4.0 has been released
The PCI Security Standards Council has released version 4.0 of their Data Security Standard (PCI DSS), with some 60+ new requirements. While most of them don’t kick in until March 2025, giving merchants time to prepare and upgrade their systems, many of them are effective immediately. In this category, new requirements for process maturity and documentation have been added to 10 of the 12 principal requirements. If you process credit cards, we should probably talk soon.
Go forth and be secure! and have a great week.
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺
TNE. Cybersecurity. Possible.Speak with an Expert