What is CMMC? CMMC Update Archives CMMC Links
Security Awareness Training Public Speaking Expert Witness
Newsletters Whitepapers Articles Videos Interviews Additional Resources
Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect
[ View this email in your web browser ] [ Visit our archives ] [ Sign Up for this Newsletter ]

February 28, 2023

Good morning, everyone!

This week’s critical vulnerabilities:
  • Apple fixed a new zero-day exploit for iPhones, iPads and Mac computers running macOS 13 (Ventura)
  • Microsoft released 80 patches last week, including 9 critical, 3 zero-day exploits
  • Google Chrome released a critical patch last week (remember you have to close Chrome and reopen for the updates to be applied)
  • ClamAV, which is embedded in some Cisco products as well as standalone programs, released a critical update
  • Hyundai and Kia are releasing software updates to some models of their vehicles after a TikTok video showing how to steal the cars resulted in a spike in the number of thefts
  • FortiNet has released patches to fix 40 bugs in various products, two critical, at least one being actively exploited

Patch All the Things!



What is a zero-day exploit?

I'm glad you asked! These are the most critical vulnerabilities in a software application. A flaw is present that the vendor doesn't know about, but bad guys do, and they are already taking advantage of it. It's called a zero-day exploit because you will have had zero days to fix it before the bad guys are attacking it. Any updates that fix a zero-day exploit should be your top priority.

Apparently there is Big Money in zero-days. This interesting article talks about the "multi-millionaire market" for zero-days.

It can happen to anyone

America's top cyber diplomat says his Twitter account was hacked. Your best defenses? Use good passwords (long & strong, pass phrases), enable 2FA whenever available, and sign up for notifications from haveibeenpwned.com

Sensitive US military emails spill online. A government cloud email server was connected to the internet without a password.

Securing Home Networks

The NSA recently released an easy-to-follow guide for securing home networks, aimed at teleworkers. If you read this newsletter regularly, you will recognize pretty much everything it covers. Still, it's a good reminder for you and a good resource to share.

Stay cyber safe this week and every week!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!



Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺

TNE. Cybersecurity. Possible.

Speak with an Expert

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com
Secure Payment Center

Site Map

Home
Employee Training
Security Awareness Training
Public Speaking
Expert Witness
Workshops
About

Resources


CMMC
Newsletter
Whitepapers
Articles
Videos
Interviews

The Net Effect, LLC

Copyright 1996-2024 The Net Effect, L.L.C. All rights reserved. Read our privacy policy