February 28, 2023
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
What is a zero-day exploit?
I'm glad you asked! These are the most critical vulnerabilities in a software application. A flaw is present that the vendor doesn't know about, but bad guys do, and they are already taking advantage of it. It's called a zero-day exploit because you will have had zero days to fix it before the bad guys are attacking it. Any updates that fix a zero-day exploit should be your top priority.
Apparently there is Big Money in zero-days. This interesting article talks about the "multi-millionaire market" for zero-days.
It can happen to anyone
America's top cyber diplomat says his Twitter account was hacked. Your best defenses? Use good passwords (long & strong, pass phrases), enable 2FA whenever available, and sign up for notifications from haveibeenpwned.com
Sensitive US military emails spill online. A government cloud email server was connected to the internet without a password.
Securing Home Networks
The NSA recently released an easy-to-follow guide for securing home networks, aimed at teleworkers. If you read this newsletter regularly, you will recognize pretty much everything it covers. Still, it's a good reminder for you and a good resource to share.
Stay cyber safe this week and every week!
Have a great week!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺