Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

May 30, 2023

Good morning, everyone!

This week’s critical vulnerabilities:
  • ASUS has fixed a problem with connectivity issues in its routers, apparently related to a security update pushed by the vendor without notification
  • Cisco has released security patches for its Small Business Series switches
  • A vulnerability in the WordPress Beautiful Cookie Consent Banner Plugin, fixed in version 2.10.2, is being actively exploited
  • Zyxel warns that two critical vulnerabilities affecting firewall and VPN products are being actively exploited
  • Barracuda has released a security patch for a zero-day vulnerability in its Email Security Gateway (ESG) appliances, which is under active exploit

Patch All the Things!

To patch or not to patch?

Apple has fixed a new zero-day that is being actively exploited. It requires updating devices to macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5.

You know my mantra, "Patch early, patch often." Keeping all software up-to-date is the single most important thing you can do to protect your devices.

If you know me very well, you also know that I don't advocate being the first to install a new version of any operating system unless there's a good reason. Under normal circumstances, I would wait to update my iPhone from 16.4.1(a) until 16.5.1 comes out (that third number means some bugs were fixed from the 16.5 version). But, in this case, a zero-day that is under active exploit requires this update, and the patch is not available any other way.

This is a basic risk assessment situation, right? What could happen, how bad would it be, how likely is it to happen? The bugs are bad, they can cause serious problems, and I do a lot of surfing the Internet on my phone. My personal risk assessment said I should update now. So I backed up my iPhone (an important first step!) and updated without any problems. You should do your own risk assessment.

Stay safe online this (and every) week!

Important information for all US Dept of Defense contractors

If you do work for the US DoD, or for any of its contractors, there's a lot going on right now in the realm of cyber security requirements. My latest CMMC Update newsletter discusses some of these, and there is a lot of good info in the archived editions as well. If you aren't a DoD contractor but know someone who is, please share!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass

grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺
