November 1, 2022

Good morning, everyone!

This week’s critical vulnerabilities: Apple has released a fix for another zero-day vulnerability Abode has released security patches for its Iota All-In-One Security Kit Cisco warns that bugs fixed two years ago are now suddenly being actively exploited. A critical vulnerability in VMWare is increasingly being used in multiple types of attacks. A patch was released in April. Patch All the Things!

Video Camera Savvy and Selfie Awareness

Famed security researcher Bruce Schneier recently wrote an intriguing post "Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses." He starts out with "Okay, it’s an obscure threat. But people are researching it" and goes on to talk about how this will be even easier in the future, as camera images continue to become more detailed.

I'm writing about this only to tell you that I actually saw this happen a few weeks ago! I was watching a very large, public meeting online while simultaneously chatting online with colleagues who were also in the same webinar. One of the speakers was wearing large-framed eyeglasses, and kept his camera live even when he was no longer speaking. We could see him looking at something, and one of my colleagues suddenly typed "Look! He's reading [this same forum we are on now]!" Sure enough, the reflection on his eyeglasses exactly mirrored what I was seeing on my computer monitor. Someone else typed "Hey, Mr. Speaker, if you are reading this, please smile" and he did! I'm not kidding.

So, it's important to be mindful of ways you may be inadvertently sharing data during a video conference call. Are you wearing a shirt with a logo or saying? Does it accurately represent who you want to be during that call? What about the titles in the bookcase behind you? Are those books you want to be known for reading?

In my security awareness training I often ask people "What's hiding in your selfie?" Every time that camera comes out, look around you. What is going to show in this photo? Your car tag? The street numbers on your house? The keypad by the back door, with four dirty keys showing which four numbers make up your alarm code?

Practice Video Camera Savvy and Selfie Awareness this week!

Upcoming Virtual Workshop

Eight years after its release, many organizations still find themselves struggling with how to implement the NIST CSF. In this virtual workshop, we will break it down into a simple, 7-step process that anyone can follow.

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺