May 2, 2023

Good morning, everyone!

This week’s critical vulnerabilities: the Eval PHP WordPress plugin hasn't been supported for a decade and is now being used by threat actors to establish backdoors. Get rid of it. Google Cloud Platform has released a critical fix APC's Easy UPS Online Monitoring Software has received patches for three vulnerabilities PaperCut MF/NG print management software has released an update to fix a critical flaw now under active exploit Apache has released information on an unsecure default configuration in Apache Superset Patch All the Things!

Google is not your friend

At the recent RSA conference, the SANS Institute led a keynote session on the 5 most dangerous new attack techniques. Guess what are the first two?

(1) Search Engine Optimization (SEO) - a new tool for bad guys

(2) Malvertising – using search engines to optimize threats

Yep, the bad guys are manipulating legitimate tools for their own nefarious purposes, to get their malware-delivering websites to the top of search results. We saw a huge increase in these attacks at the start of this year.

How do you protect yourself?

(1) Check the URL of any website before clicking on a link. On a desktop computer, hover your mouse over the link. On a mobile device, press and hold the link. In both cases, the true destination of that link will show up in a popup, so you can see where that link will really take you. If the domain name doesn't look familiar, or anything looks suspicious, look for another way (an original source!) to get what you need.

(2) Download only from known, safe sites. If you routinely use a free software package, bookmark the developer's website so you can get updates with confidence. Sign up for his/her newsletter to get notified of updates and clean links to download.

(3) Consider using an ad blocker. I'm not a huge fan of ad blockers for work computers, because they do block legitimate functions pretty regularly, but for home computers, yes, definitely, using an ad blocker can protect against malicious downloads, especially when less-than-savvy users are surfing the web for fun.

Stay safe online this (and every) week!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺