What is CMMC? CMMC Update Archives CMMC Links
Security Awareness Training Public Speaking Expert Witness
Newsletters Whitepapers Articles Videos Interviews Additional Resources
Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect
[ View this email in your web browser ] [ Visit our archives ] [ Sign Up for this Newsletter ]

August 15, 2023

Good morning, everyone!

This week’s critical vulnerabilities:
  • Microsoft's Patch Tuesday included patches for 88 vulnerabilities, includng 6 critical and 2 under active exploit
  • Adobe released four critical updates last week
  • Intel published 46 security advisories alerting customers to roughly 80 vulnerabilities in its software and firmware
  • SAP released 16 security notes to address vulnerabilities in multiple products
  • PaperCut has released an update to PaperCut NG/MF (version 22.1.3) to correct a critical security issue

Patch All the Things!

Practice Selfie Awareness

I know I've talked about this before, but not extensively, and I got to thinking about it again this week -- in the grocery store, of all places!

As I walked up to the checkout lane at my local grocery store, I noticed two people just ahead of me who had obviously just come from work and were stopping in to grab lunch at the deli. I know this, because one was wearing scrubs, and the other was wearing heavy workboots with jeans and company logo shirt and looked really hot (of course, who doesn't look hot right now? but I digress).

Why did they catch my eye? Because both had security badges in plain sight -- one hanging from a lanyard, one clipped to a pocket. Those badges had the company name, that person's photo, and other identifying information (job title, office location, bar code most likely with "confidential" info like employee ID, etc.). This is a security risk for two reasons:

(1) It's a trivial matter to use an ordinary phone to take a photo of a badge like that and make a really good fake. Even if it is an electronic badge, I can grab that signal and imitate it too. Penetration testers do this all the time, as an exercise in testing a company's security.

(2) I now know the full name and employment of two complete strangers, making it quite easy to find them online, and either (1) stalk them (Guys, you are probably shrugging your shoulders right now, but the ladies are paying attention. It's a real threat in our lives.) or (2) begin a social engineering campaign to get their network credentials and attack their employer's information system.

The answer to this is simple -- when you walk out the door at work, put that badge in a pocket or in your purse, or in the glove box soon as you get to your car. Don't create opportunities for the bad guys!

Stay cyber safe this week!

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Glenda R. Snodgrass

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!



Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺

TNE. Cybersecurity. Possible.

Speak with an Expert

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com
Secure Payment Center

Site Map

Home
Employee Training
Security Awareness Training
Public Speaking
Expert Witness
Workshops
About

Resources


CMMC
Newsletter
Whitepapers
Articles
Videos
Interviews

The Net Effect, LLC

Copyright 1996-2024 The Net Effect, L.L.C. All rights reserved. Read our privacy policy