What is CMMC? CMMC Update Archives CMMC Links
Security Awareness Training Public Speaking Expert Witness
Newsletters Whitepapers Articles Videos Interviews Additional Resources
Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect
[ View this email in your web browser ] [ Visit our archives ] [ Sign Up for this Newsletter ]

February 6, 2024

Good morning, everyone!

This week’s critical vulnerabilities:
  • Ivanti has released patches and warned of new vulnerabilities, advising its customers to “factory reset their appliance before applying the patch to prevent the threat actor from gaining upgrade persistence in your environment.”
  • AnyDesk remote access software should be updated to the latest version immediately (the old code signing certificate will be revoked soon, due to a system breach)
  • GitLab released critical fixes for its Community Edition (CE) and Enterprise Edition (EE) instances
  • Juniper Networks has released critical fixes for J-Web in SRX Series and EX Series

    Did your "automatic" updates get installed?

Patch All the Things!



Secure Your Stuff

Big news this week was learning that the FBI has once again hacked into private networks to implement security measures that the owners had ignored. This time, it was discovered that a Chinese group known as Volt Typhoon had infiltrated information systems of critical infrastructure ("including naval ports, internet service providers and utilities"). Well, that's scary!

What can you do about this? Well, here's the important bit from the perspective of the Average Joe:

Volt Typhoon has functioned by taking control of vulnerable digital devices around the world - such as routers, modems, and even internet-connected security cameras - to hide later, downstream attacks into more sensitive targets, security researchers told Reuters.

This constellation of remotely controlled systems, known as a botnet, is of primary concern to security officials because it limits the visibility of cyber defenders that monitor for foreign footprints in their computer networks.

This is why it's important to secure your stuff! (instructions here) Even if you don't care about your own privacy and security, at least don't let your devices be used to attack others.

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Have a great week!

Glenda R. Snodgrass

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!



Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺

TNE. Cybersecurity. Possible.

Speak with an Expert

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com
Secure Payment Center

Site Map

Home
Employee Training
Security Awareness Training
Public Speaking
Expert Witness
Workshops
About

Resources


CMMC
Newsletter
Whitepapers
Articles
Videos
Interviews

The Net Effect, LLC

Copyright 1996-2024 The Net Effect, L.L.C. All rights reserved. Read our privacy policy