CyberSecurity Bulletin #1
January 16, 2020
CyberSecurity Bulletins by Annie Richardson Consulting
These bulletins are published bi-weekly and round up current CyberSecurity vulnerabilities and issues. In these bulletins, we’ll talk about the threats (vulnerabilities) and the risk levels, as well as what you can do about them.
What is CyberSecurity?
TechTarget describes Cybersecurity as “the protection of internet-connected systems, including hardware, software and data, from cyberattacks.” The goal of cybersecurity is to limit risk and protect IT assets.
The Real Threat to your IT Security
For many years, we have said the real threat to your IT Security is internal users. Yes, that’s still true, but it goes further than that. The real threat is the user who accesses information they don’t need for their day-to-day work. Nothing really nefarious, just nosiness. A recent study indicated that 92% of people have tried to access information they didn’t need. Nearly one-fourth of them do it regularly!
According to CFO Daily News, the biggest offender is IT pros (at 66% or two-thirds!), and they know better.
Be careful about accessing information that isn’t any of your business. Not only is it against best practices in most environments, but it can also be illegal depending on how much sensitive data is housed in your company. The best advice is to use access controls, but we all know that senior IT executives feel they are above the law when it comes to this.
One of the ways to counter this is to inform your senior executives that this is a huge risk and that they, individually, would have to answer to the public, shareholders, and possibly law enforcement, if a hacker got in and data was stolen.
Make sure your environment understands the consequences of putting their noses in things that aren’t their business.
You can read more about this at “Here’s who the real biggest threat to your IT security is” by Jennifer Azara.
The following plug-ins have been found to have vulnerabilities and simply need patching to their latest version. Quick Tip: Always perform a backup prior to patching!
- WP Spell Check
- CSS Hero
- Ultimate Addons for Beaver Builder
- Ultimate Addons for Elementor
- Quiz and Survey Master
- 301 Redirects
- Featured Image from URL
- bbPress Members Only
- bbPress Login Register Links on Forum Topic Pages
- GDPR Cookie Compliance
- Photo Gallery
- Minimal Coming Soon and Maintenance Mode
- WooCommerce Conversion Tracking
- Import Users from CSV with Meta
- Ultimate FAQ
- WP Simple Spreadsheet Fetcher for Google
- Backup and Staging by WP Time Capsule
- InfiniteWP Client
- Ultimate Auction
- WooCommerce – Store Exporter
- Awesome Support
- Videos on Admin Dashboard
- Computer Repair Shop
The following plug-ins have been found to no longer be maintained or supported and should be removed.
- Scoutnet calendar
The following Themes have been found to have vulnerabilities and simply need patching to their latest version.
- Travel Booking
- ElegantThemes Divi Builder
- Real Estate 7
The following Themes have been found to no longer be maintained or supported and should be removed.
Ring Camera Hacks
Ring cameras were found to have been hacked recently as a result of weak passwords and no router security. To fix this, use stronger passwords and turn on two-factor authentication.
5 Popular Windows 10 Settings Tweaks you need to Stop Listening To
- You CAN Update your Firmware
- Don’t mess with the Page File
- Do not use defrag
- Uninstall any Registry Cleaner and do not buy another
- Don’t worry so much about the telemetry data Microsoft is collecting from you
Read more about this at ZDNet’s Article.
NSA Discovers Vulnerability in Windows 10
Be sure you have the latest Windows Security Patch installed. The vulnerability is related to Windows certificates and cryptographic messaging functions.
Thanks for reading the Fairy GodMother’s CyberSecurity Bulletin. We hope you will come back! To read previous versions, go to the Main Page.
Until Next Time, Happy Blogging!
Your Fairy Blogmother