August 30, 2022
Good morning, everyone!
This week’s critical vulnerabilities:
Patch all the things!
Beware of DDoS protection popups
WordPress sites are being hacked to pop up a fake Cloudflare DDoS protection page that will install malware. WordPress admins, make sure your sites are updated! Everyone else, Think Before You Click!
Attacks against mobile devices on the rise
A recent report from Verizon “reveals that there is a continued rise in major cyberattacks in the last year involving a mobile/IoT device, up 22% year-over-year, that resulted in data or system downtime.” As remote work continues to be a thing, it's more important than ever to take basic precautions to protect mobile devices:
- Patch early, patch often! This is the number one way to protect all your devices. Turn on automatic updates. Manually check at least monthly that updates have been installed. In fact, go ahead and check right now! I often find that an update has been downloaded but not installed for some reason.
- Stay off public wifi. This story is an oldie but goodie. Public wifi is dangerous.
- Secure your routers. I've written before on the 5 Easy Steps to Secure Your Router. If you haven't done this, do it now! (Did you do it on your old router, but forget to do it on the new one?)
That last one is even more important lately. The FBI recently reported that cyber criminals are "compromising home routers or other connected technology" to hide their illicit activity behind a home IP address. Don't let the bad guys use your stuff to attack others!
MFA attacks: Disable or delete inactive accounts now
Many organizations don't have a policy or procedure for routinely disabling or deleting inactive accounts, and attackers are actively exploiting this situation:
"even with MFA in place, it's possible for cyber criminals to bypass protection features to access and exploit dormant accounts – something that might go undetected for some time"
The article suggests several ways to protect your organization from this type of attack. It's worth reading.
And I do believe that's enough for this week. I hope you all enjoy a great Labor Day weekend!
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺