June 20, 2023
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Let's look at "Protect"
Last week's newsletter talked about identification, one of the five core functions of the NIST Cyber Security Framework (CSF). This week I want to talk a bit about the next core function, Protect. How do you protect yourself online?
Keep software up to date. This is the single most important thing you can do to protect your devices online. For example, if you open a PDF file infected with malware, and that malware is designed to take advantage of a particular vulnerability in your Adobe software, but that software has been patched, your device is immune to that malware. An ounce of prevention is worth a pound of cure! Read more in this newsletter.
Enable 2FA anywhere it's available. This is the single most important thing you can do to protect your online accounts. If you've read any of my past newsletters, you know Why I Love Two Factor Authentication. 'Nuff said.
Use antivirus software. Antivirus/antimalware applications are not a magic bullet, as new malware is being created at the rate of 450,000 per day. AV will find and kill the known applications, so it's still a very useful tool to have. PC Magazine just released its latest reviews of The Best Antivirus Software for 2023.
Secure your things. The instructions here are relevant to securing most smart things.
Stay safe online this week!
Do you have Cisco networking equipment?
Do you have any Cisco networking equipment purchased online from a vendor that you don't have a personal relationship with? If so, you should probably read this and take action accordingly:
According to documents filed in this case and statements made in court, Onur Aksoy, 39, of Miami, ran at least 19 companies formed in New Jersey and Florida, as well as approximately 15 Amazon storefronts and at least 10 eBay storefronts (collectively, the “Pro Network Entities”), that imported from suppliers in China and Hong Kong tens of thousands of low-quality, modified computer networking devices with counterfeit Cisco labels, stickers, boxes, documentation, and packaging, all bearing counterfeit trademarks registered and owned by Cisco, that made the goods falsely appear to be new, genuine, and high-quality devices manufactured and authorized by Cisco.
The devices the Pro Network Entities imported from China and Hong Kong were typically older, lower-model products – some of which had been sold or discarded – which Chinese counterfeiters then modified to appear to be genuine versions of new, enhanced, and more expensive Cisco devices. The Chinese counterfeiters often added pirated Cisco software and unauthorized, low-quality, or unreliable components – including components to circumvent technological measures added by Cisco to the software to check for software license compliance and to authenticate the hardware. Finally, to make the devices appear new, genuine, high-quality, and factory-sealed by Cisco, the Chinese counterfeiters added counterfeited Cisco labels, stickers, boxes, documentation, packaging, and other materials.
Stay safe online this (and every) week!
Important information for all US Dept of Defense contractors
If you do work for the US DoD, or for any of its contractors, there's a lot going on right now in the realm of cyber security requirements. My latest CMMC Update newsletters (May 15 and June 6) discuss some of these, and there is a lot of good info in the archived editions as well. If you aren't a DoD contractor but know someone who is, please share!
Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.
Have a great week!
Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺