Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

July 25, 2023

Good morning, everyone!

This week’s critical vulnerabilities:
  • Zimbra is urging users of Zimbra Collaboration Suite to upgrade to 8.8.15 immediately, to correct a vulnerability under active exploit
  • Adobe released multiple patches last week, including critical fixes for ColdFusion and InDesign
  • BD has disclosed eight vulnerabilities in its Alaris Guardrails Suite MX medication infusion products along with recommended mitigations
  • Citrix has issued critical patches for Citrix ADC and Citrix Gateway Security
  • Citrix and CISA have released warnings that vulnerabilities in NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway are under active exploit and should be patched immediately
  • WooCommerce Payments WordPress Plugin released critical fixes earlier this year for vulnerabilities that are now under active exploit

Patch All the Things!

Beware of public wifi

It's full-on summer vacation time and lots of folks are traveling these days, so it seems like a good time to remind people of the dangers of public wifi. I read a great post on the subject on LinkedIn this week from Kevin Parker, an FBI Special Agent who specializes in data privacy and security. He gave me permission to quote some of it here:

Whether it's at a coffee shop, airport, or shopping mall, our devices continuously search for available Wi-Fi networks through what is known as "Wi-Fi Probe Requests." While this feature enhances our connectivity, it also comes with privacy risks that we all need to be aware of.

Wi-Fi Probe Requests are signals emitted by our devices (smartphones, laptops, etc.) to discover nearby Wi-Fi networks. These requests contain the unique MAC address of our devices and the names of previously connected networks. The requests serve as a way for devices to automatically connect to known networks, ensuring seamless connectivity in varied locations. Remember when you connected to the hotel Wi-Fi during your trip to New York? Your phone is still looking for that network.

The alarming fact is that these probe requests can be intercepted by malicious actors, such as cybercriminals and data harvesters. This information could potentially reveal a lot about us, including our movements, frequented locations, and the devices we use. Such data can be exploited for various nefarious purposes, ranging from targeted advertising to malicious Wi-Fi access points used to intercept your traffic.

How do you protect yourself?

  • Disable Wi-Fi When Not in Use: Turn off your Wi-Fi when you're not actively connecting to a network. This minimizes the frequency of probe requests being sent out, reducing the chances of interception.
  • Forget Known Networks: Regularly clear the list of known Wi-Fi networks on your devices. This way, your device won't automatically connect to networks with identifiable names.
  • Disable auto-connect: Prevent your devices from automatically connecting to Wi-Fi networks, especially those you are unfamiliar with or can't verify.
  • Update Device Software Regularly: Keep your devices' operating systems and apps up to date to ensure you have the latest security patches and improvements.

Thank you, Special Agent Parker! (If you are on LinkedIn, you should follow him. He posts a lot of good stuff.)
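What a probe request discloses can be checked by decoding one. The Python below is an added example, not part of Agent Parker's post or of this newsletter's original text: it parses a raw 802.11 probe request and reports the sender's MAC address, whether that address has the locally administered bit set (as a randomized address does), and any network name the request carries. The frames, addresses and network name are constructed sample data, and the function names are my own.

```python
# Added example: decode 802.11 probe requests and report what each one discloses.
PROBE_REQUEST = 0x40   # frame-control byte: version 0, management type, subtype 4
SSID_TAG = 0           # information element ID that carries the network name

def parse_probe_request(frame: bytes):
    """Parse a raw 802.11 frame (no radiotap header, no FCS); None if not a probe request."""
    if len(frame) < 24 or frame[0] != PROBE_REQUEST:
        return None
    src = frame[10:16]                 # address 2: the device that sent the request
    ssid, body = None, frame[24:]      # tagged parameters follow the 24-byte header
    while len(body) >= 2:
        tag, length = body[0], body[1]
        value = body[2:2 + length]
        if len(value) < length:        # truncated element: stop instead of guessing
            break
        if tag == SSID_TAG:
            ssid = value.decode("utf-8", errors="replace")
            break
        body = body[2 + length:]
    return {
        "mac": ":".join(f"{b:02x}" for b in src),
        "randomized": bool(src[0] & 0x02),   # locally administered bit set
        "ssid": ssid,                        # "" is a wildcard probe that names no network
    }

def disclosed_networks(frames):
    """Return (mac, ssid) pairs for probe requests that name a specific network."""
    parsed = (parse_probe_request(f) for f in frames)
    return [(p["mac"], p["ssid"]) for p in parsed if p and p["ssid"]]

def build_sample(mac: bytes, ssid: bytes) -> bytes:
    """Construct a sample probe request (test data, not a capture)."""
    header = bytes([PROBE_REQUEST, 0]) + b"\x00\x00" + b"\xff" * 6 + mac + b"\xff" * 6 + b"\x00\x00"
    rates = bytes([1, 4, 0x02, 0x04, 0x0b, 0x16])      # supported-rates element
    return header + bytes([SSID_TAG, len(ssid)]) + ssid + rates

# Constructed samples: a fixed MAC naming a remembered network, and a
# randomized MAC sending a wildcard probe.
SAMPLES = [
    build_sample(bytes.fromhex("001122334455"), b"Hotel-Guest-NYC"),
    build_sample(bytes.fromhex("daa119000001"), b""),
]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(parse_probe_request(frame))
    print(disclosed_networks(SAMPLES))
```

The first sample is the case the tips above address: a stable hardware address paired with a remembered network name. Forgetting that network removes the name from what the device can send.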

Free tools for cloud environments

CISA has released a new factsheet, Free Tools for Cloud Environments, "for the purpose of aiding businesses transitioning into a cloud environment in identifying the proper tools and techniques needed for data security and protecting critical assets."

Stay cyber safe this week!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺
