What is CMMC? CMMC Update Archives CMMC Links
Security Awareness Training Public Speaking Expert Witness
Newsletters Whitepapers Articles Videos Interviews Additional Resources
Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect
[ View this email in your web browser ] [ Visit our archives ] [ Sign Up for this Newsletter ]

December 6, 2022

Good morning, everyone!

This week’s critical vulnerabilities:
  • Atlassian has released fixes for critical flaws in Bitbucket & Crowd
  • Google Chrome has released an update to fix its 6th zero-day vulnerability of 2022
  • Cisco has released 4 security fixes for its Identity Server Engine (ISE)
  • NVIDIA has released an update for its GPU Display Driver to address 29 vulnerabilities in both Windows and Linux systems

Patch All the Things!



This Thursday at 1PM (CT), Cisco is presenting a free webinar, "Securing Your Home Network." If you can't make the actual webinar time, go ahead and register anyway so you can view the recording when it's made available.
TikTok "Invisible Body" challenge deploying malware

Attackers are exploiting the popular "Invisible Body" TikTok video challenge to install malware capable of stealing passwords, Discord accounts, cryptocurency wallets, passwords and credit card info stored in browsers, files from your computer, and maybe more:

A new and trending TikTok challenge requires you to film yourself naked while using TikTok's "Invisible Body" filter, which removes the body from the video and replaces it with a blurry background.

This challenge has led to people posting videos of them allegedly naked but obscured by the filter.

To capitalize on this, threat actors are creating TikTok videos that claim to offer a special "unfiltering" filter to remove TikTok's body masking effect and expose the TikTokers' nude bodies.

However, this software is fake and installs the "WASP Stealer (Discord Token Grabber)" malware.

Remember, consult original sources! Download software only from known sources. Install apps only from known, reputable developers. (and seriously? don't use TikTok)

LastPass breached again

For the second time this year, LastPass has suffered a data breach. In August, the company announced that source code was stolen in a data breach. It appears that some of this stolen data was used to commit the most recent infiltration of the company's network.

At this time, LastPass is stating that some user data was stolen, but that passwords "remain safely encrypted due to LastPass's Zero Knowledge architecture." If you are a LastPass user, I suggest watching this developing story.

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!



Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺

TNE. Cybersecurity. Possible.

Speak with an Expert

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com
Secure Payment Center

Site Map

Home
Employee Training
Security Awareness Training
Public Speaking
Expert Witness
Workshops
About

Resources


CMMC
Newsletter
Whitepapers
Articles
Videos
Interviews

The Net Effect, LLC

Copyright 1996-2024 The Net Effect, L.L.C. All rights reserved. Read our privacy policy