Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect

March 5, 2024

Good morning, everyone!

This week’s critical vulnerabilities:
  • ‘Ultimate Member’ WordPress Plugin released an update with a critical fix
  • Cisco has released critical patches for multiple versions of Nexus devices, as well as UCS 6400 and 6500 series fabric interconnects
  • Zyxel has released updates with four critical fixes for its firewalls and access points

Patch All the Things!



If you don't need it, get rid of it!

This is a standard security practice, included in most security standards I've ever read, and yet few people or organizations actually follow this practice. Let's talk about what this is, and why it's important.

You can't secure it if you don't know it's there. If your employees (or family members) have local administrative privileges on their computers, they can install software (and malware, but that's a topic for another time). There are two reasons this could be problematic:

1. Missing updates. Remember that LastPass breach? More recent information has indicated that the bad guys took advantage of a vulnerability in Plex, a streaming app, installed on the senior engineer's computer. Having auto-update turned on for Windows and macOS is not going to auto-update third-party applications on your computer (and even the endpoint management tool on your network can't update software it doesn't know about). You need to keep a software inventory, check periodically to make sure everything is up to date, and remove unnecessary software. (If you need a refresher, read "How do I Patch my Things?")

2. Pre-installed malware. A few years ago, Lenovo was hit with a massive class-action lawsuit over shipping its laptops with software from Superfish, an ad company whose programs endangered sensitive data. This is just one example of the many potentially unwanted software applications that may be installed on work or personal devices. They may seem innocuous, and may not be inherently bad, but they can provide backdoors to your network and to your data.
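
One way to run the inventory check behind both points above, as an added example (not code from The Net Effect): it compares an inventory export against an approved baseline and reports software nobody approved and software below its minimum version. All hosts, product names and versions are constructed for illustration.

```python
# Approved baseline (constructed): product name -> minimum acceptable version.
APPROVED = {
    "example browser": "123.0",
    "example archiver": "23.01",
    "example meetings": "5.17.0",
}

# Constructed inventory export: (host, product, version), as an endpoint
# agent or a manual walk-through of each machine might record it.
INVENTORY = [
    ("ws-01", "Example Browser", "123.0.1"),
    ("ws-01", "Example Archiver", "19.00"),       # below the baseline
    ("ws-02", "Example Meetings", "5.17"),        # same release, shorter form
    ("ws-02", "Example Media Streamer", "1.2.0"), # user-installed, unapproved
    ("ws-03", "OEM Shopping Helper", "2.0"),      # pre-installed, unapproved
]

def parse_version(text):
    """Split '19.00' into (19, 0); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))

def is_older(version, minimum):
    """Compare numerically, padding so that 5.17 equals 5.17.0."""
    a, b = parse_version(version), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def audit(inventory, approved):
    """Return (unapproved, outdated) findings, each sorted by host."""
    unapproved, outdated = [], []
    for host, product, version in inventory:
        minimum = approved.get(product.casefold())
        if minimum is None:
            # Not in the baseline: decide whether to approve it or remove it.
            unapproved.append((host, product, version))
        elif is_older(version, minimum):
            outdated.append((host, product, version, minimum))
    return sorted(unapproved), sorted(outdated)

if __name__ == "__main__":
    unapproved, outdated = audit(INVENTORY, APPROVED)
    for host, product, version in unapproved:
        print(f"{host}: {product} {version} is not approved (remove or review)")
    for host, product, version, minimum in outdated:
        print(f"{host}: {product} {version} is below {minimum} (update)")
```
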

So, go take inventory and determine what software you need to keep. Have a good week!

Glenda R. Snodgrass

grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com



Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
fax: (251) 433-5371
email: sales at theneteffect dot com

Copyright 1996-2024 The Net Effect, L.L.C. All rights reserved.