May 30, 2023
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
To patch or not to patch?
Apple has fixed a new zero-day that is being actively exploited. It requires updating devices to macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5.
You know my mantra, "Patch early, patch often." Keeping all software up to date is the single most important thing you can do to protect your devices.
If you know me very well, you also know that I don't advocate being the first to install a new version of any operating system unless there's a good reason. Under normal circumstances, I would wait to update my iPhone from 16.4.1(a) until 16.5.1 comes out (that third number means some bugs were fixed from the 16.5 version). But in this case, a zero-day that is under active exploitation requires this update, and the patch is not available any other way.
This is a basic risk assessment situation, right? What could happen, how bad would it be, how likely is it to happen? The bugs are bad, they can cause serious problems, and I do a lot of surfing the Internet on my phone. My personal risk assessment said I should update now. So I backed up my iPhone (an important first step!) and updated without any problems. You should do your own risk assessment.
Stay safe online this (and every) week!
Important information for all US Dept of Defense contractors
If you do work for the US DoD, or for any of its contractors, there's a lot going on right now in the realm of cyber security requirements. My latest CMMC Update newsletter discusses some of these, and there is a lot of good info in the archived editions as well. If you aren't a DoD contractor but know someone who is, please share!
Have a great week!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺