This page may contain affiliate links. When you click the link and make a purchase, I receive a commission. You can read more by viewing my Privacy Policy
CyberSecurity Bulletin #1
January 16, 2020
CyberSecurity Bulletin Topics
CyberSecurity Bulletins by Annie Richardson Consulting
These bulletins are created bi-weekly representing a culmination of CyberSecurity vulnerabilities and issues. In these bulletins, we’ll talk about the threats (vulnerabilities) and the risks levels, as well as what you can do about them.
What is CyberSecurity?
TechTarget describes Cybersecurity as “the protection of internet-connected systems, including hardware, software and data, from cyberattacks.” The goal of cybersecurity is to limit risk and protect IT assets.
The Real Threat to your IT Security
For many years, we have always said the real threat to your IT Security is internal users. Yes, that’s still true, but it goes further than that. The real threat is the user that accesses information they don’t need for their day-to-day work. Nothing really nefarious, just nosiness. A recent study indicated that 92% of people have tried to access information they didn’t need. Nearly one-forth of them do it regularly!
According to CFO Daily News, the biggest offender is IT pros (at 66% or two-thirds!), and they know better.
Be careful about accessing information that isn’t any of your business. Not only is it against best practices in most environments, but it can also be illegal depending on how much sensitive data is housed in your company. The best advice is to use access controls, but we all know that senior IT executives feel they are above the law when it comes to this.
One of the ways to counter this is to inform your senior executives that this is a huge risk and that they, individually, would have to answer to the public, shareholders, and possibly law enforcement, if there a hacker got in and data was stolen.
Make sure your environment understands the consequences of putting their noses in things that aren’t their business.
You can read more about this at “Here’s who the real biggest threat to your IT security is” by Jennifer Azara.
Vulnerabilities
WordPress Plug-Ins
The following plug-ins have been found to have vulnerabilities and simply need patching to their latest version. Quick Tip: Always perform a backup prior to patching!
- WP Spell Check
- CSS Hero
- Ultimate Addons for Beaver Builder
- Ultimate Addons for Elementor
- Donorbox
- Quiz and Survey Master
- 301 Redirects
- Rencontre
- Featured Image from URL
- bbPress Members Only
- bbPress Login Register Links on Forum Topic Pages
- GDPR Cookie Compliance
- Photo Gallery
- Minimal Coming Soon and Maintenance Mode
- WooCommerce Conversion Tracking
- Import Users from CSV with Meta
- Ultimate FAQ
- WP Simple Spreadsheet Fetcher for Google
- Backup and Staging by WP Time Capsule
- InfiniteWP Client
- Ultimate Auction
- WooCommerce – Store Exporter
- Awesome Support
- Videos on Admin Dashboard
- Computer Repair Shop
- LearnDash
The following plug-ins have been found to no longer be maintained or supported and should be removed.
- Scoutnet calendar
- Postie
WordPress Themes
The following Themes have been found to have vulnerabilities and simply need patching to their latest version.
- Mesmerize
- Materials
- ListingPro
- Travel Booking
- ElegantThemes Divi Builder
- EasyBook
- TownHub
- CityBook
- Real Estate 7
The following Themes have been found to no longer be maintained or supported and should be removed.
- Superlist
Around Cyberverse
Ring Camera Hacks
Ring Camera was found to be hacked recently as a result of weak passwords and no router security. Use stronger passwords and two-factor authentication to fix.
5 Popular Windows 10 Settings Tweaks you need to Stop Listening To
- You CAN Update your Firmware
- Don’t mess with the Page File
- Do not use defrag
- Uninstall any Registry Cleaner and do not buy another
- Don’t worry so much about telemetry from the data Microsoft is collecting from you
Read more about this at ZDNet’s Article.
NSA Discovers Vulnerability in Windows 10
Be sure you have the latest Windows Security Patch. The vulnerability is related to the Windows certificates and cryptographic messaging functions.
Thanks for reading the Fairy GodMother’s CyberSecurity Bulletin. We hope you will come back! To read previous versions, go to the Main Page.
To guest post on the CyberSecurity Bulletin, contact us at [email protected].
My latest blog posts.
When it’s time to change WordPress Themes
Weird thing happened to me after blogging for a year or so…I decided it was time to change WordPress Themes. In the beginning of blogging, I know I changed themes about a dozen times before agreeing on a WordPress Theme Premium, Restored316 Beloved. My Theme is beautiful and exhilarating. Only problem is… after months of…
How to Create a Subdomain for New WordPress Installation
Have you ever wanted to create a clone or a new WordPress site that you could “play around with” or use as a test station? I ALWAYS create a subdomain of every WordPress site I manage to test plug-in updates, themes, etc. Here are the basics: Create a subdomain In your hosting site (Siteground, BigScoots,…
Continue Reading How to Create a Subdomain for New WordPress Installation
Until Next Time, Happy Blogging!
Your Fairy Blogmother
Let’s be social:
Facebook Groups:
Pinterest: YourFairyBlogMother
Instagram: AnnieYourFairyBlogmother
YouTube: Your Fairy Blogmother
