Annie Richardson Consulting

You are here: Home / CyberSecurity / CyberSecurity Bulletin #1

CyberSecurity Bulletin #1

Sharing is caring!

This page may contain affiliate links. When you click the link and make a purchase, I receive a commission. You can read more by viewing my Privacy Policy

CyberSecurity Bulletin #1

January 16, 2020

CyberSecurity Bulletin Topics

CyberSecurity Bulletin Lock

CyberSecurity Bulletins by Annie Richardson Consulting

These bulletins are created bi-weekly representing a culmination of CyberSecurity vulnerabilities and issues. In these bulletins, we’ll talk about the threats (vulnerabilities) and the risks levels, as well as what you can do about them.

What is CyberSecurity?

TechTarget describes Cybersecurity as “the protection of internet-connected systems, including hardware, software and data, from cyberattacks.” The goal of cybersecurity is to limit risk and protect IT assets.

The Real Threat to your IT Security

For many years, we have always said the real threat to your IT Security is internal users. Yes, that’s still true, but it goes further than that. The real threat is the user that accesses information they don’t need for their day-to-day work. Nothing really nefarious, just nosiness. A recent study indicated that 92% of people have tried to access information they didn’t need. Nearly one-forth of them do it regularly!

According to CFO Daily News, the biggest offender is IT pros (at 66% or two-thirds!), and they know better.

Be careful about accessing information that isn’t any of your business. Not only is it against best practices in most environments, but it can also be illegal depending on how much sensitive data is housed in your company. The best advice is to use access controls, but we all know that senior IT executives feel they are above the law when it comes to this.

One of the ways to counter this is to inform your senior executives that this is a huge risk and that they, individually, would have to answer to the public, shareholders, and possibly law enforcement, if there a hacker got in and data was stolen.

Make sure your environment understands the consequences of putting their noses in things that aren’t their business.

You can read more about this at “Here’s who the real biggest threat to your IT security is” by Jennifer Azara.

Vulnerabilities

WordPress Plug-Ins

The following plug-ins have been found to have vulnerabilities and simply need patching to their latest version. Quick Tip: Always perform a backup prior to patching!

  • WP Spell Check
  • CSS Hero
  • Ultimate Addons for Beaver Builder
  • Ultimate Addons for Elementor
  • Donorbox
  • Quiz and Survey Master
  • 301 Redirects
  • Rencontre
  • Featured Image from URL
  • bbPress Members Only
  • bbPress Login Register Links on Forum Topic Pages
  • GDPR Cookie Compliance
  • Photo Gallery
  • Minimal Coming Soon and Maintenance Mode
  • WooCommerce Conversion Tracking
  • Import Users from CSV with Meta
  • Ultimate FAQ
  • WP Simple Spreadsheet Fetcher for Google
  • Backup and Staging by WP Time Capsule
  • InfiniteWP Client
  • Ultimate Auction
  • WooCommerce – Store Exporter
  • Awesome Support
  • Videos on Admin Dashboard
  • Computer Repair Shop
  • LearnDash

The following plug-ins have been found to no longer be maintained or supported and should be removed.

  • Scoutnet calendar
  • Postie

WordPress Themes

The following Themes have been found to have vulnerabilities and simply need patching to their latest version.

  • Mesmerize
  • Materials
  • ListingPro
  • Travel Booking
  • ElegantThemes Divi Builder
  • EasyBook
  • TownHub
  • CityBook
  • Real Estate 7

The following Themes have been found to no longer be maintained or supported and should be removed.

  • Superlist

Around Cyberverse

Ring Camera Hacks

Ring Camera was found to be hacked recently as a result of weak passwords and no router security. Use stronger passwords and two-factor authentication to fix.

5 Popular Windows 10 Settings Tweaks you need to Stop Listening To

  • You CAN Update your Firmware
  • Don’t mess with the Page File
  • Do not use defrag
  • Uninstall any Registry Cleaner and do not buy another
  • Don’t worry so much about telemetry from the data Microsoft is collecting from you

Read more about this at ZDNet’s Article.

NSA Discovers Vulnerability in Windows 10

Be sure you have the latest Windows Security Patch. The vulnerability is related to the Windows certificates and cryptographic messaging functions.

Thanks for reading the Fairy GodMother’s CyberSecurity Bulletin. We hope you will come back! To read previous versions, go to the Main Page.

To guest post on the CyberSecurity Bulletin, contact us at [email protected].

My latest blog posts.

Various Office tools, Join us for Tech Talk Thursdays
books with stars background, Fairy Blogmother Masterminds Coming Soon 2020
dark background, creepy dude with zeros and ones all around. Cyber Security Bulletin #1

Until Next Time, Happy Blogging!

hand written, Happy Blogging, Annie

Your Fairy Blogmother

Let’s be social:

Facebook Page

Facebook Groups:

YourFairyBlogMother

TwoMinuteBlogTech

Pinterest: YourFairyBlogMother

Instagram: AnnieYourFairyBlogmother

YouTube: Your Fairy Blogmother

 

FREE STUFF that you can actually use!

Sign up for FREE resources, training, and other printouts. We will never spam you. We love our readers!

Thanks! Keep an eye on your inbox for updates.

CyberSecurity Bulletin #1 1

CyberSecurity Bulletin #1 2

Footer

All you need is love. And coffee. Must have coffee.

shares