What is CMMC? CMMC Update Archives CMMC Links
Security Awareness Training Public Speaking Expert Witness
Newsletters Whitepapers Articles Videos Interviews Additional Resources
Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

[ View this email in your web browser ] [ Visit our archives ]

October 12, 2021

Good morning, everyone!

This week’s critical vulnerabilities:
  • Medtronic has recalled remote controllers for its MiniMed 508 and MiniMed Paradigm insulin pumps.
  • Apache has released a second update for its HTTP Web Server after an initial fix was deemed incomplete.
  • Honeywell has released critical fixes for flaws in its Experion PKS and ACE Controllers
  • HikVision has released patches for critical vulnerabilities in some of its cameras. This bulletin lists specific models.

Patch All the Things!



About that Facebook outage

So that major Facebook outage last week was a hot topic, eh? FB, WhatsApp and Instagram were offline for several hours, causing personal angst as well as slashing the income of many businesses who depend on those sites to drive sales. But the more interesting story IMO was how many people were locked out of other Internet sites, like NetFlix, because they use their FB account to log into such third party sites on the Internet. Remember a few weeks ago, when I wrote about The dangers of using a single account to log into many accounts? Well, here’s another danger that I didn’t specifically mention, as it’s less of a security problem than a convenience problem – but it IS a problem! If you use a single account (like FB or Google) to sign in to many different online accounts, then when that site has a problem, it cascades to every account you have tied to that one. Think about that. You might want to make some changes in how you manage your online accounts.

Help! My email account has been hacked

Last week a friend contacted me because an old email account (that she doesn’t use anymore) is apparently still “alive” and was hacked. Someone was using it to send out phishing emails with infected attachments. She asked me what to do about this, and it occurred to me this would be a good newsletter topic!

Short term

The first step (immediately!!) should be to change the password on the account. Be sure to make it a good password! At least 12 characters, complex, and totally unique. Not the same or similar as a password used on any other online accounts. No publicly available, personal info included in the password (no kids or pets names, no phone numbers/DOB/addresses). Read more about good password management techniques in this previous newsletter.

Next, enable two-factor authentication. You know why. If you’ve forgotten, or you’re new here, read why I love 2FA .

Now, go to https://haveibeenpwned.com and sign up to be alerted when that email address shows up in a password dump on the dark web, so you know where you need to go make changes. (HINT: If you haven’t already signed up all your email accounts here, do that now.)

Longer term

If this is an old email account that you don't want to use anymore, cancel it. Delete it. Deactivate it. Whatever, just kill it so it can’t be used for cyber crime ever again.

If you need to keep it active for some particular purpose but you don’t check it regularly, figure out how to automatically forward all incoming emails to your new email account. This way at least you can keep tabs on activity (and you'll get the notices from https://haveibeenpwned.com if it’s been compromsied). Otherwise you need to log in periodically and see what's going on. Look at the sent mail folder in particular to see if it's being used by someone else again.

I hope you found this helpful – or wait, actually, I hope you never need to know this!!! But if you do get hacked, at least you know where to look for help.

Talk to you again next week!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺

TNE. Cybersecurity. Possible.

Speak with an Expert

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com
Secure Payment Center

Site Map

Home
Employee Training
Security Awareness Training
Public Speaking
Expert Witness
Workshops
About

Resources


CMMC
Newsletter
Whitepapers
Articles
Videos
Interviews

The Net Effect, LLC

Copyright 1996-2024 The Net Effect, L.L.C. All rights reserved. Read our privacy policy