Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

April 25, 2023

Good morning, everyone!

This week’s critical vulnerabilities:
  • Google Chrome has a patch for yet another zero-day that is under active exploitation. Close your browser and reopen it to apply the patch. Check for updates manually by using the More button (three dots) at the top right and then Help -> About Chrome. (Apparently bad actors are using this news to deliver malware via fake browser updates. Beware of popups, and Think Before You Click!)
  • VMware has released fixes for its log analysis tool, Aria Operations for Logs, previously known as vRealize Log Insight.

Patch All the Things!



The importance of patching

You know how I say all the time that keeping software up to date (patching!) is the single most important thing you can do to protect your devices? Well, how about this headline: Military helicopter crash blamed on failure to apply software patch. Yikes! Go run all your manual updates now and check the app stores for updates too.

Wipe those devices before repurposing

I know I've talked about this before too, but it seems that people still aren't paying attention: Used Routers Often Come Loaded With Corporate Secrets:

At the RSA security conference in San Francisco next week, though, researchers from the security firm ESET will present findings showing that more than half of secondhand enterprise routers they bought for testing had been left completely intact by their previous owners. And the devices were brimming with network information, credentials, and confidential data about the institutions they had belonged to.

Remember, this applies to personal devices also, especially your smartphones. Revisit this newsletter for details.

Most cloud breaches the result of bad security practices

Palo Alto Unit 42 just released its annual cloud threat report, and guess what they found? The top two causes of breaches:

  • 76% of organizations don't enforce MFA for console users, and 58% of organizations don't enforce MFA for root/admin users
  • 63% of the codebases in production have unpatched vulnerabilities rated high or critical (CVSS >= 7.0), and 11% of the hosts exposed in public clouds have high or critical vulnerabilities.

So, let me say it one more time. Using MFA whenever it's available, and keeping all software up to date, are the top two things you can do to protect your information, whether personal or professional.

Stay safe this week!

Glenda R. Snodgrass

grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com



Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training has made a comeback, but many organizations have found virtual training to be useful as well. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺
