November 16, 2021

Good morning, everyone!

This week’s critical vulnerabilities: Zoho Password Management Service has flaws being exploited now – update ASAP Cisco released patches for multiple critical vulnerabilities in Catalyst Passive Optical Network (PON) switches Optical Network Terminal FreeSwitch telecom software needs updating immediately Microsoft fixed 55 problems in last week’s rollup, including vulnerabilities in Server and Exchange that are being actively exploited Sitecore Experience Platform (XP) content management system is being actively exploited – a fix was released last month Citrix has patched critical flaws in Application Delivery Controller (ADC) and Gateway products and the Citrix SD-WAN WANOP Edition appliance iOS and macOS bugs are being exploited – fixes were released in September Palo Alto has released a fix for critical vulnerability it firewalls using GlobalProtect Portal VPN Patch All the Things!

Phishy, phishy, phishy!

The holiday shopping season is upon us, and the scams are changing accordingly. Here are the big three I see most often and how to protect yourself:

(1) Gift Card smishes (phishy SMS text messages) like the one you see here. I’ve gotten half a dozen of these in the past two weeks. Don’t click on that link!

Develop your natural skepticism: if it seems to be good to be true ...

(2) Fake tracking updates Before you click on that link to see the updated tracking status of that gift you ordered, stop and think: Why am I getting tracking updates I didn’t sign up for? Why do I need to log into anything for a tracking update when they’ve got my email? Why is this email coming to my work address when I used my personal email to place the order?

Think before you click!

(3) There’s a problem with your order If you have any concern that there really is a problem with your order, use the bookmark for that site to log in and check it out. If you haven’t bookmarked the site, open the order confirmation email and use the link inside to check on the order.

Remember, always consult original sources of information!

Stay safe this week, online and off!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺