August 30, 2022

Good morning, everyone!

This week’s critical vulnerabilities: Cisco released a critical patch for AsyncOS for Cisco Secure Web Appliance 80,000+ Hikvision Cameras remain vulnerable to attack, although a patch was released nearly a year ago Another VMware security patch released Plex is urging all users to reset their passwords after a recent data breach Firefox and Thunderbird received critical updates this week Patch all the things!

Beware of DDoS protection popups

WordPress sites are being hacked to popup a fake Cloudflare DDoS protection page that will install malware. WordPress admins, make sure your sites are updated! Everyone else, Think Before You Click!

Attacks against mobile devices on the rise

A recent report from Verizon “reveals that there is a continued rise in major cyberattacks in the last year involving a mobile/IoT device, up 22% year-over-year, that resulted in data or system downtime." As remote work continues to be a thing, it's more important than ever to take basic precautions to protect mobile devices:

• Patch early, patch often! This is the number one way to protect all your devices. Turn on automatic updates. Manually check at least monthly that updates have been installed. In fact, go ahead and check right now! I often find that an update has been downloaded but not installed for some reason.
  
  
• Stay off public wifi. This story is an oldie but goodie. Public wifi is dangerous.
  
  
• Secure your routers. I've written before on the 5 Easy Steps to Secure Your Router. If you haven't done this, do it now! (Did you do it on your old router, but forget to do it on the new one?)

That last one is even more important lately. The FBI recently reported that cyber criminals are "compromising home routers or other connected technology" to hide their illicit activity behind a home IP address. Don't let the bad guys use your stuff to attack others!

MFA attacks: Disable or delete inactive accounts now

Many organizations don't have a policy or procedure for routinely disabling or deleting inactive accounts, and attackers are actively exploiting this situation:

even with MFA in place, it's possible for cyber criminals to bypass protection features to access and exploit dormant accounts – something that might go undetected for some time

The article suggests several ways to protect your organization from this type of attack. It's worth reading.

And I do believe that's enough for this week. I hope you all enjoy a great Labor Day weekend!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺