I write about patches and updates a lot, but making sure you get the updates from legitimate sources is essential. Do not create a cyber security issue where none need exist. Always go the the vendor’s official sites – double check the URLs – or go through the “update” options …
CISA Security Advisories
The week of Microsoft’s Patch Tuesday is a always a busy time for security advisories on the the US government’s Cybersecurity and Infrastructure Security Agency (CISA) website. Here are the current notifications, including Microsoft (of course), Apple, Mozilla and Adobe: Microsoft Releases April 2023 Security Updates | CISA (Patch Tuesday …
Phishing emails – can you recognise them?
Phishing emails with a carefully scripted social engineering message, a malicious .pdf file with links to malware stored in Firebase Storage on Google. Brad Duncan on SANS InfoSec Handlers Diary Blog has the full story including screenshots of the phishing email and the steps to infection: Recent IcedID (Bokbot) activity …
Continue reading “Phishing emails – can you recognise them?”
WordPress vulnerability
You always need to keep up with the cyber security of your WordPress website and any plug-ins you use. Here is another that needs checking: Massive Balada Injector campaign attacking WordPress sites since 2017 (bleepingcomputer.com) Now the question you need to ask yourself is who looks after my website, assuming …
You must have an Android cyber security policy
People complain about the way Apple controls its App store, “Android and Google Apps are far less restrictive”, but whatever the arguments it does mean their level of app curation improves the cyber security of Apple devices. The fact that Apple controls both the hardware and operating systems of their …
Continue reading “You must have an Android cyber security policy”
