Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

July 5, 2022

Good morning, everyone!

  • WordPress Ninja Forms plugin fixed a critical code injection vulnerability
  • Cisco is refusing to fix a critical vulnerability discovered in several of its Small Business Routers, because the devices have entered the end-of-life cycle and aren’t worth patching. Replace ASAP if you have one of these models.
  • QNAP NAS devices have more patches available. Update immediately. Above all, don’t expose these devices directly to the Internet.

Patch All the Things!



You can’t make this stuff up

I truly wish I could say this was a joke, but it isn’t. Last week a man in Japan transferred personal data on 460,000 residents of Amagasaki to a USB stick, put it in his bag, and went out for drinks with friends. He awoke at 3 a.m. (on the street!) and went home without his bag. On the USB drive was:

the home addresses and bank account details of every one of the 460,000 residents of Amagasaki, officials in the small industrial city in Japan’s Hyogo prefecture said in a statement Thursday. It also identified households receiving public assistance, they said.

(smacking forehead) Honestly I can’t imagine why this guy thought it was a good idea to put this kind of confidential information on a USB stick and carry it to a party, but there you have it. Don’t be like this guy.

A wide range of routers are under attack

Researchers from Lumen Technologies' Black Lotus Labs have uncovered a widespread campaign by an “unusually advanced hacking group” that has developed custom malware for routers made by Cisco, Netgear, Asus, and DrayTek. I’ve written before on the five easy steps to securing your wireless router. If you haven’t done this already, do it now!

FCC: the TikTok app is a national security risk

FCC commissioner Brendan Carr recently wrote a letter to Apple & Google asking them to remove TikTok apps from their app stores:

"TikTok is not what it appears to be on the surface," Carr wrote. "It's not just an app for sharing funny videos or memes. That's the sheep's clothing. At its core, TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data."

The full letter is available here and I must say, it contains some pretty shocking accusations:

Indeed, TikTok collects everything from search and browsing histories to keystroke patterns and biometric identifiers, including faceprints - which researchers have said might be used in unrelated facial recognition technology - and voice points. It collects location data as well as draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device's clipboard. The list of personal and sensitive data it collects goes on from there.

Security researchers have found the TikTok app circumventing privacy restrictions on both Google Android and Apple devices. The TikTok app has been found accessing passwords, cryptocurrency wallet addresses and personal messages, as well as tracking users online.

You may recall that the Trump administration threatened to ban TikTok, but the courts blocked that action. The Biden administration has proposed new rules to monitor apps like TikTok that are considered national security risks. India (the world’s largest democracy) has already banned TikTok for stealing user data and transmitting it without authorization.

So, I dunno, do you really need that app on your phone? Think about it.

Have a great week!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass

grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺
