Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect
[ View this email in your web browser ] [ Visit our archives ] [ Sign Up for this Newsletter ]

August 29, 2023

Good morning, everyone!

This week’s critical vulnerabilities:
  • Ford has announced that its SYNC 3 infotainment system is vulnerable to attack, and recommends disabling wifi until a fix is released.
  • Citrix has released new patches for NetScaler ADC and Gateway products
  • Cisco has released patches for NX-OS software, FXOS software, and UCS managed software affecting enterprise switches and firewalls.
  • Ivanti has released a patch to address an API authentication bypass vulnerability affecting Ivanti Sentry Administrator Interface (formerly MobileIron Sentry)
  • WinRAR file archiver utility has released a critical patch for a vulnerability under active exploit
  • Juniper released a number of fixes for vulnerabilities in its SRX series firewalls and EX series switches that can be chained together to create a critical situation
  • Adobe has released a critical fix for a vulnerability in ColdFusion Deserialization
  • A Magento vulnerability for which a patch was released last year is under active attack.
  • Vulnerabilities in CODESYS V3, a software development environment widely used to program and engineer programmable logic controllers (PLCs), were announced last week (patches released earlier)

Patch All the Things!

QR Code Safety

A large-scale phishing campaign using malicious QR codes was revealed last week, after successful attacks on various targets, including a major energy company. "Most of the emails contained lures referring to updating account information, including two- and multi-factor authentication, or general account security details." Malicious QR codes are definitely a thing, so let's talk about QR Code Safety this week!

Online If you are presented with a QR code in an email or on a website, Think Before You Scan!

  1. First, as always, ask yourself "is there a safer way of accomplishing this?" Whenever, possible, consult original sources of information.
  2. Next, ask yourself whether you really need to scan this QR code? Is there an important reason that you need to access whatever information is being offered here? Are you going to act on this information, or are you just curious? If there isn't a real need, then just skip it.
  3. Finally, if the tips above don't apply, e.g., this is a special offer that cannot be accessed any other way (that you know of) and you really really want this thing, scan the code with an app that will preview the destination URL and look at it closely, read it carefully, make sure you are able to accurately judge whether the link is the place you are expecting to go. When in doubt, don't.

In Real Life When faced with a QR code in real life, start with #1 and #2 above. If you still want to scan this code, examine it carefully. Is it a sticker pasted onto a poster or sign? Walk away. Does it look like it has been tampered with in any way? Don't do it. Do you know and trust the organization that has posted this info?

Remember, better safe than sorry!

The importance of having your own backups

Last week, Danish hosting firms CloudNordic and AzeroCloud revealed that they had suffered a ransomware attack, and "many of its customers have lost data that appears to be irrecoverable." Ouch. This isn't the first time such a thing has happened and certainly won't be the last. (See "So You Decided to Cloud" in my previous newsletter)

Words to live by: If you store your data in the cloud, have local backups. If you store your data locally, have backups in the cloud.

Stay safe online this week!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass

Glenda R. Snodgrass
(251) 433-0196 x107
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺

TNE. Cybersecurity. Possible.

Speak with an Expert


The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com
Secure Payment Center

The Net Effect, LLC

Copyright 1996-2024 The Net Effect, L.L.C. All rights reserved. Read our privacy policy