Cyber Vulnerabilities Hackers are Latching onto Right Now
Ipswich based Corbel Solutions specialise in IT Support and Cyber security and want to raise awareness of the cyber vulnerabilities that hackers are latching onto right now – that businesses in Suffolk should be aware of.
When working with technology, it is unfortunately inevitable that software vulnerabilities will occur. Hackers are constantly looking to gain access into systems and hack important credentials, and they do this by looking for small issues within developers’ codes that they can latch onto. Developers can then try to quickly respond by fixing a vulnerability however it’s only so long before a new feature update comes along – this then provides hackers with the opportunity to do the exact same thing again. You are then stuck in a continual cycle of having your data hacked and having to temporarily solve the issue.?
Keeping up to date with any data vulnerabilities should be a top priority for IT management firms in Suffolk and it is important to be aware which operating systems are being attacked and what you can do to patch the vulnerabilities. A proactive business?IT Support?partner should be managing this for you week in week out as part of a layered?Cyber Security?protection framework.
When there is a lack of patch and update management, company networks can quickly become vulnerable. These attacks can be avoided, but a surprisingly large percentage of cyber attacks are because of exploiting vulnerabilities that were easily patchable.
Various vulnerabilities exist amongst well known applications and search engines such as Microsoft, Google, and Adobe. This blog outlines these vulnerabilities to help you to prevent any attacks from occurring.
One thing to note is that the vulnerability names will contain the acronym “CVE” at the front of them. This doesn’t need to be confusing; it simply stands for common vulnerabilities and exposures and is just an industry-standard naming structure.
Vulnerabilities you Need to Patch
Cyber Vulnerabilities in Microsoft
Microsoft has various vulnerabilities across a range of its products – one of which is Internet Explorer.?The Internet Explorer was discontinued by Microsoft at the end of June 2022. However, if you still have it installed you should delete it, to avoid being exposed to any form of vulnerability.
Microsoft currently have the following vulnerabilities, and this is what hackers have the potential to do:
CVE-2012-4969
This is the Internet Explorer vulnerability – hackers can remotely enter malicious code onto a computer in the case they were to exploit this vulnerability. This vulnerability is critical due to the amount of damage it can cause; hackers can release new malicious code through a website which is particularly dangerous for numerous reasons. It can result in previously safe websites becoming phishing sites, which can then result in others entering their login credentials and being hacked. Small loopholes have the potential to have large implications.
CVE-2013-1331
This vulnerability is due to an issue in code between Microsoft Office 2003 and Office 2011 for Mac. Hackers can launch a malicious attack which can target one or more computers on a particular network. This issue in code presents a vulnerability in Microsoft’s buffer overflow function (a feature that activates when a program or process attempts to write more data to a block of memory than the buffer can hold) Hackers can then manipulate the code within this and exploit its confidential data in a dangerous way.
CVE-2012-0151
This impacts the Authenticode Signature Verification function of Windows. The vulnerability involves a user-assisted attack e.g., they will open a malicious file within a phishing email. After the user has assisted in the attack, hackers will be able to place malicious code onto the system – which again can have dangerous implications.
Cyber Vulnerabilities in Google
Another application which contains vulnerabilities is Google Chrome, as well as applications that have been built using Google’s Chromium V8 Engine. Here are the following vulnerabilities they have, and this is what hackers can do:
CVE-2016-1646 & CVE-2016-518
Both these vulnerabilities allow a denial-of-service attack to occur. A denial-of-service attack is one which can shut down a machine and make it inaccessible to its users. Through using remote control, hackers will direct this attack towards a website and flood it with so much traffic that it eventually crashes.
CVE-2018-17463 & CVE-2017-5070
These are additional code flaws that will allow hackers to crash sites in the same way as mentioned above. There is a range of patches that users can install to fix these issues to avoid data from being breached – having offensive security mechanisms in place such as this is crucial in having a good defence against these potential hackers.
领英推荐
Cyber Vulnerabilities in Adobe
Adobe Acrobat Reader is an application mainly used to share documents. It allows people to share documents across a range of platforms and operating systems. However, despite its usefulness, it still has various vulnerabilities that hackers can latch onto:
CVE-2009-4324
Hackers can obtain entry through a PDF filetype through an issue within code. When receiving unfamiliar emails, you should still be aware of PDF attachments and not assume that they are a safer filetype.
CVE-2010-1297
This vulnerability can result in a machine or network to shutting down. Hackers then have the potential to corrupt memory within the machine. Adobe Flash Player has been discontinued, and if you still have it you should uninstall it from your PCs and websites.
Cyber Vulnerabilities in Netgear
You may not have heard of Netgear before – however for businesses in Suffolk they are a popular brand of wireless router. They also sell a range of other internet-connected devices. Although, they have a range of vulnerabilities that can allow hackers to access:
CVE-2017-6862
This flaw allows hackers to remotely gain access to code which allows them to hack confidential credentials. It can result in password authentication being taken down within the code and mean that hackers can gain easy access to user’s login credentials by appearing as Netgear themselves.
Cyber Vulnerabilities in Cisco
Cisco is a US technology company that is known best for its networking hardware, software and telecommunication products. They also appear to have some vulnerability within their coding:
CVE-2019-15271
The vulnerability is within the buffer overflow process of a particular router that Cisco have. It is a particularly dangerous vulnerability as once hackers gain access; they have the rights to basically do what they want with your device, and they can manipulate code as they wish. This concept where hackers can do what they want to a device is known as “root” privileges.
Patch & Update Regularly
Above outlined is just some of the vulnerabilities within a few applications – to see more on the CISA (Cybersecurity and Infrastructure Security Agency) list you can access them?here.
To ensure that your network is kept safe from any vulnerabilities, you should seek to patch and update regularly to prevent any breaches from occurring. Working with a trusted?IT Support?partner in Suffolk, to provide a proactive managed service as part of your cyber-security defence including software updates is also essential in staying protected and preventing any breaches that are waiting to happen, from occurring. Another crucial element to consider is?Cyber Security Training?to ensure that everyone is aware of how they can help keep your business protected. At our?Open Morning?on Tuesday 8th?November, Corbel are running free cyber security sessions where you can see our Cyber Training portal in action.
Keeping Cyber Secure
Implementing a patch and management framework is just one way that your business in Suffolk can stay cyber secure. There are various other things your business should implement to ensure you stay protected and that your details are not at risk. Ipswich based Corbel Solutions provide an extensive range of?cyber security services?and?IT consulting services?to help keep your business protected and avoid the breaching of confidential information.
If you are looking for a proactively managed?IT Support?arrangement that will help keep your business protected, Corbel Solutions work with businesses in Ipswich, Felixstowe, Hadleigh and the surrounding Suffolk area offering business IT Support and best practice advice on?Cyber Security, from?IT consulting services?to?Office 365 support.?Ipswich based Corbel will work effectively with you to help maximise your business capabilities.
Corbel are hosting our very own?open morning?on Tuesday 8th?November from 9:30am – 12:00pm. Throughout the morning we will be giving the very latest Cyber Security advice with the opportunity to see how our?Cyber Training?portal works and how it can be used within your team. Come along, grab a coffee, get to know our team and get the very latest technology updates including?Cyber Security, Automation, Technology Roadmaps and?IT Strategy.?Register?here.