Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

August 9, 2022

Good morning, everyone!

This week’s critical vulnerabilities:

  • VMware has released fixes for multiple vulnerabilities, some critical
  • More than 29 models of DrayTek routers have critical vulnerabilities for which patches have been released

Patch all the things!



Think before you plug it in!

Amazing story I read on LinkedIn the other day. The lengths that cyber criminals will go to!

Someone just shared that their father received a package in snail mail to their house (pictures below), plugged in the very legit looking USB (fail) then ransomware did its thing.

Isn’t that incredible? Educate your parents as well as your children!

Say what you do, do what you say

A recent lawsuit provides yet another example of cyber insurance being worthless if you aren’t truthful and accurate on your application:

Travelers alleges that ICS represented on its policy application materials that the company requires MFA for employees and third parties to access email, remotely access the company’s network, and gain access to endpoints, servers, network infrastructures, directory services, and the like. Travelers claims that ICS was in fact only using the MFA protocol on its firewall and that access to its other systems – including its servers, the target of the ransomware attack at issue – were not subject to MFA’s heightened protections. Had Travelers known this, it argues, it wouldn’t have issued the policy to ICS in the first place. Accordingly, Travelers argues the court must “rescind the policy and declare that there is no coverage for any losses, costs or claims submitted by ICS to Travelers for coverage under the policy.”

Ouch. Now, please note that I made a point of saying both “truthful” and “accurate” because there is a distinction. I have seen numerous cyber insurance applications with incorrect answers, because the person completing the application was not knowledgeable about either the technology in question, or the way the technology is used in practice within the organization. Remember that both acts of commission (intentionally false statements) and omission (inaccurate information, whether due to misunderstanding or trying to look good) can result in the same bad outcome. So make certain you get help on technical questions, to be sure that you don’t overstate your actual security posture without realizing it.

Stay cyber aware this week!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass

grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺
