Working for the world's largest cybersecurity company, it's been a part of my world for decades and now you have the benefit of an expert in your back pocket.
It can sure feel intimidating to reach out to an expert, but you don't know what you don't know so if you have questions, others do, too.
Just think! You'll be helping me help many more people, just by asking. But, feel free to take a look below, because...
What are CVEs?
CVE stands for Common Vulnerabilities and Exposures
NVD stands for National Vulnerability Database
Currently, there are over 200,000 CVE records available in the NVD
CVEs are given a rating using the Common Vulnerability Scoring System (CVSS). The base score is composed of six metrics which can be used to calculate a severity score of 0-10. These metrics are:
Access vector – The way in which a vulnerability can be exploited (e.g., locally or remotely). Remote exploitation ranks higher.
Attack complexity – How difficult a vulnerability is to exploit. The more difficult, the lower the score.
Authentication – How many times an attacker has to use authentication credentials to exploit the vulnerability. The higher the number, the lower the score.
Confidentiality – How much sensitive data an attacker can access after exploiting the vulnerability. The more data accessible, the higher the score.
Integrity – How much and how many files can be modified as a result of exploiting the vulnerability. The more modified, the higher the score.
Availability – How much damage exploiting the vulnerability does to the target system (e.g. reduced performance/functionality). The more damage, the higher the score.
For the most dangerous CVEs, the metric most often used is not the CVSS score but how commonly a CVE has been exploited. This is more commonly called “Out In The Wild,” which means the exploit was used before patch updates could happen. Remember, most Zero-Day CVEs are caught before they're ever deployed to the public.
Because there have been vulnerabilities exploited in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) now maintains a Known Exploited Vulnerabilities (KEV) catalog. The KEV catalog currently contains over 800 entries.
Why are they important?
CVEs are not malicious code created by bad actors.
CVEs are vulnerabilities within legitimate code used in any computing software. Often, CVEs occur in source code or fundamental coding blocks.
The two most recent that ranked high on the NVD scale were CVE-2023-4863 and CVE-2023-44487.
CVE-2023-4863: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
and
CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly.
While patching has been ongoing, it could take years for all the patching work to be completed.
What To Look For When App Updates Are Rotten Free - Coming Soon
Your mobile apps may start out passing Google's & Apple's stringent security vetting, but once downloaded, updates may not be safe.
Cybersecurity is intimidating, especially when you don't know what you don't know. In this mini-training, we'll cover some basic principles, definitions, methods, and tools to help you create your cybersecurity plans.
Alert & Secure - Curated Security News + Threat Alerts $9/mo.
Stay on top of the latest in the threat landscape with this weekly subscription newsletter. Get top recommended solutions, products, and strategies provided by cybersecurity experts from around the world. I do this for myself, friends and family. I can do this for you, too, so you don’t have to go down that cybersecurity rabbit hole.
A quick, under-1-hour security training to secure your Facebook account while giving phishers the phinger.
Phlip off Phishers, Now [Link]
Those smart devices and appliances that make things easier for you... also make it easier for cybercriminals to gain access to your home network. Ask the casino in Vegas hacked through a fish tank with a remote monitoring system connected to the corporate network about the $billion heist.
Learn how to keep your Roomba in check, your Ring on your side, and your front door locked.
Become a WiFi Warrior [link]
Discover the art of device protection in this workshop focused on securing your Android smartphones, laptops, and tablets.
From enabling tracking features to setting up remote wipe capabilities, you'll learn how to keep your devices safe from physical theft with a bonus of helping the police nab the thief.
STOP. Thief! [link]
A cyberattack can be catastrophic and having a Business Recovery Plan or Disaster Recovery Plan as a strategic guide — detailing the processes and timelines needed to restore your critical functions to pre-incident levels ASAP — can minimize the effects of the incident so you can continue to operate and quickly resume key operations.
Go beyond Social Engineering Attacks with essential strategies, tools, and techniques to protect your business revenue tools, such as payment gateways, e-commerce platforms, and financial accounts, from potential cyberattacks and fraud.
Lock The Vault [link]
Research shows that about 80% of all companies have experienced a cyberattack at least once with the top 2 major factors attributed to naive or careless mistakes by employees. With online entrepreneurs using remote teams, raising employee awareness about maintaining data security reduces that risk.
Leadership Risk Prevention Training
Since ChatGPT’s own plugin red team members found they could send fraudulent or spam emails, bypass safety restrictions, or misuse information sent to the plugin, it’s time not only for a conversation about plugins, but for some practical actions to keep our businesses safe.
AI Can Lie [link]
From an audit to step-by-step actions, whatever you need, we'll get done.
There are two things I like a lot: protecting people and a good deal. Save over 25% with a two course bundle.
When you need more than 90 minutes, but not as much as a VIP Half-Day, here's your solution.
All the workshops and courses + private community + Q&A + 3 60-Minute 1:1s.
3rd party data collectors have massive databases worth billions. Using just a few not-the-usual-recommended techniques, you can put those data collectors in the corner every time you surf the web.
Your mobile apps may start out passing the App Stores' stringent security vetting, but once downloaded, updates may not be safe. This cheat sheet gives you all the help you'll need to spot the signs of a bad app update.
As a parent, you know bad people are on the internet and you don't know what you can do about it, until now.
The Quick Start Guide to keep Kids CyberSafe by being CyberSmart.
COMING SOON!
Cybersecurity is intimidating, especially when you don't know what you don't know. We'll cover some principles, definitions, methods, and tools in this workbook to create your Cybersecurity Roadmap.
As an entrepreneur, you already know your personal data is on the internet and everyone agrees there's not a thing you can do about it. But...
What if I could show you 6 ways to Say Delete me to the internet, would you be in?
The Cybersecurity Subscription that breaks down complex, eyes glazed over, jargony super tech security into bite-sized, crystal clear, explain it like I’m 9 Strategies & More So Entrepreneurial CEOs Can Quickly Make Security Decisions to Protect Their Business
This is your quick security support call. Within those 15 minutes, we'll assess an issue and determine the solution you need and how much time it will take to handle it. The call can also be used AMA style.
This security support call is for one-to-one training, coaching, or consulting.
80% of all companies experienced a cyberattack with human error as the main factor. This On-Demand Workshop teaches you exactly what you need in place to protect your business.
Discover the 6 Layers of Cybersecurity you need to keep your business secure online. From physical equipment to the human factor, you'll learn: Your current security; Its strength; what's missing; and how to get it.
This LIVE workshop is the foundational first step to uncovering the fundamentals of data security and secure cloud storage.
November 28, 2023
11am PDT/2pm EDT
In this on-demand workshop, you'll equip yourself with the knowledge to protect your business data and communications while working remotely or traveling, ensuring that your mobile devices become impenetrable fortresses.
This On-Demand Workshop is your quick take action solution to Fort Knox your Facebook Account. I'll teach you how to use the best security tool and the real secret to seamless account access.
The comprehensive course to teach you how to use free and paid techniques to legally remove private information from those databases.
Security/Privacy Audit
VIP Half-Day
VIP Day
This is my affiliate link which means I may receive a commission if you purchase something through a link at no additional cost to yourself. Please be assured that I only recommend products I have personally used and love!
Cybersecurity for DIY Entrepreneur
Vulnerability and Protection Courses
Anti-hacker Workshops
FB Community
Checklists, Planners, plus Q&A time
Social Media Management
WordPress Updates
FB Community Management
Graphics For Social Media Posts