Issue: In response to the recent Amazon outage with a route cause related to their DNS service and an amazon-created database, one of the largest privacy-focused DNS services in Europe shut down this week. DNS is the service that manages the ‘behind-the-scenes’ IP addresses that convert them into human-readable domain names. These services are one of the first tiers to protect online privacy and DNS0.EU, the largest privacy-focused one, shut down this week.
Resolution: Internet service and access to or from European-based services may continue to experience brief outages while the changes propagate (share) through the Internet. Firms present in Europe or who have clients in Europe may want to locate another DNS service to continue uninterrupted service.
Risk 2: Medium
Issue: There has been a significant increase in the number of attacks being conducted against dated WordPress plug-ins and themes. The attacks are using broad-sweeping scanners to determine which sites use WordPress and is NOT host-specific. WordPress is very popular framework for designing and managing websites. Once breached, all information stored within your hosting environment may be accessible, including any contacts or form-based data.
Resolution: If you use WordPress, it is crucial to constantly be managing and updating your website plugins. This takes minimum time and can be a great first-step to mitigation. If you used a third-party to design your website and are unsure how to manage your plugins, there are plenty of hosts out there who will manage your plug-ins for you. Of course, for a small fee. My WordPress host charges about $5/mo for this service.
Risk 3: High
Issue: LastPass is under attack (again). This time, however, there is little they can do directly. There is an increase in phishing e-mails stating that LastPass is shutting down and to click on the link to download your passwords. Once the user clicks on the link, they are asked to provide their vault password, giving access to all passwords within.
Resolution: We have not been a fan of LastPass for a while now and this is just an ongoing trend reducing favor as well. If you have received this e-mail and clicked on it, it is urgent that you obtain a new password manager and change all of your passwords immediately.
Risk 4: Medium
Issue: Greater vulnerabilities within the new round of “AI-owned browsers” such as OpenAI’s Atlas and Perplexity’s Comet are continuing to open us users to greater vulnerability through their enhanced AI-sidebars.
Resolution: Your enterprise machine is now the place to be testing out new products, especially those with direct access to your data. For the moment, it is best to stay with a standard, trusted browser to reduce your risk.
Risk 5: High
Issue: TP-Link has, yet again, acknowledged a vulnerability within its Omada collection of devices, allowing administrative access to your entire network.
Resolution: Users should apply the latest update. But more importantly, given the ongoing issues and lack of security measure within TP-Link’s products, we are issue both a “Stop Purchase” and a “Replace” on their entire product line. TP-Link does not prioritize security.
Risk 6: High
Issue: WatchGuard, a provider of enterprise-level firewall devices, has announced a significant vulnerability in a collection of their firewall devices. This vulnerability would allow even a non-administrative user to access and attack your network without permission.
Resolution: WatchGuard has released a firmware update. Any WatchGuard user should apply the firmware update immediately to avoid disruption.
Financial Guardians is a proud member of InCite, the recently launched online community exclusively for tax professionals, bookkeepers, and accountants. InCite members receive a 30% discount.
Financial Guardians has partnered with the California Society of Tax Consultants to provide a 30% access discount as well as many other offers. More info can be found at www.cstcsociety.org
What is recommended as a better LastPass alternative and why?