Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

September 12, 2023

Good morning, everyone!

This week’s critical vulnerabilities:
  • Apple has released fixes for vulnerabilities under active exploitation. Update now to iPadOS and iOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2 (requires agreement to a new license, so it won't update automatically, and you'll need to turn off Bluetooth everywhere again after the update)
  • Schweitzer Engineering Labs (SEL) has released patches for critical flaws in its SEL-5030 acSELerator QuickSet and SEL-5037 Grid Configurator applications
  • Attackers are exploiting vulnerabilities in the MinIO distributed object storage framework (patches were released in May)

Patch All the Things!



Windows 7: Achilles Heel

Short version: Any PC running Windows 7 should not be exposed to the Internet. Period. Get rid of it or put it behind secure network segmentation.

Long version: Attackers accessed UK military data through high-security fencing firm's Windows 7 rig

The risk of running obsolete code and hardware was highlighted after attackers exfiltrated data from a UK supplier of high-security fencing for military bases. The initial entry point? A Windows 7 PC ... used to run software for one of the company's manufacturing machines.

Addendum: Anything that is no longer supported by the manufacturer should be replaced (or at least blocked from Internet access) -- operating systems, firmware, applications, devices, anything. If this truly isn't possible, the security implications should be carefully considered. Without manufacturer support, you cannot get security updates. Exposing an unsupported device or application to the Internet is just asking to be compromised.

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass

grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com



Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com
Copyright 1996-2024 The Net Effect, L.L.C. All rights reserved.