January 30, 2024
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Safe Screen-Sharing
This past week, the Health Sector Cybersecurity Coordination Center (HC3) issued an alert that "the ScreenConnect remote access tool has been abused by a threat actor to gain access to the networks of organizations in the healthcare and public health (HPH) sector."
How did it happen? Guess! "[T]he threat actor gained access to an unmanaged on-premises instance of ScreenConnect that had not been updated since 2019" (smacking forehead) So that's a total "Patch all the things!" lesson for sure, but it also reminded me of a credit card theft scam that went on a few years ago, and some Pensacola-area restaurants fell victim. It's a lesson that applies to all of us, not just credit card merchants.
It happened like this: a couple of bad guys got jobs in tech support for a point-of-sale software application. After working there for a while, learning how the software works, how typical tech support calls go, and getting familiar with the customers, they started to move. They began calling restaurant clients of this vendor during lunchtime, when it was really busy. They would tell the manager that a critical update to the credit card processing software needed to be applied immediately. The manager would open up the standard remote access session they used for tech support, and walk away. The restaurant was busy and he didn't think he was needed.
Guess what? Under the guise of updating the credit card software, the bad guys installed a tool to steal all the credit card data submitted for processing. The restaurant manager gave them access to do it, and didn't supervise their work.
There are two lessons in this story:
(1) Any time you give remote access to your device to someone else, sit there and watch what they are doing! Ask questions! Make sure you understand what they are doing, and that it matches up with what you expected them to do. If you have any doubt, close the remote session. (I did this once when I let AT&T get onto my dad's computer to fix an email problem of some sort, and the support tech started trying to change the email settings in Thunderbird, which I knew was *not* the problem. I told her to stop but she didn't, I grabbed the mouse, she grabbed it back, so I pulled the ethernet cable out of the computer to shut her down.)
(2) Don't forget about Screenshare Blunders & Selfie Awareness
Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.
Have a great week!
Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺