Canadian Organizations Attacked via Unpatched Devices & Inadequate Authentication, Canadian Centre for Cyber Security Says

Information Security, IT Support
The Canadian Centre for Cyber Security recently revealed that, in recent months, the computer networks of several Canadian organizations have fallen victim to cyberattackers via unpatched devices and inadequate authentication. "In recent months, the Cyber Centre [Canadian Centre for Cyber Security] has been made aware of several compromises of computer networks in Canada," the Canadian Centre for Cyber Security said. "In each case, a threat actor was able to compromise infrastructure exposed to the internet because it was not properly secured via 2FA and/or because software running on an exposed server was not patched to the latest version."

Inadequate Authentication

Inadequate authentication refers to the insecure process of accessing a device. According to the Canadian Centre for…
Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching

Information Security, IT Support
The recent ransomware attack on Travelex, considered the world's biggest foreign currency exchange company, highlights the importance of applying security patches in a timely manner. Travelex disclosed that on New Year’s Eve its corporate network was hit by the ransomware called “Sodinokibi”, also known as REvil ransomware. In a ransomware attack, legitimate users are prevented from accessing their computers or their data. The company said it immediately took all its systems offline to prevent the spread of REvil ransomware across the company’s network, forcing the company’s staff to resort to using pen and paper. The company’s ransomware attack disclosure came seven days after the attack. The group behind the REvil ransomware told the BBC that it gained access to Travelex’…
Vulnerability Patch Management: Cost of Doing Nothing

Information Security, IT Support
The failure of organizations to apply an available patch for a known software vulnerability (simply put, doing nothing) proves to be costly: new research shows that 60% of breaches in 2019 involved unpatched software vulnerabilities. The new research, “Costs and Consequences of Gaps in Vulnerability Response”, conducted by Ponemon Institute for ServiceNow, showed that 60% of breaches in 2019 could have been prevented by more timely patching.

What Is a Patch?

A patch is a piece of code inserted into a computer program or software. Patches are typically inserted into existing software to improve its functionality. Patches are also inserted into existing software to fix known security vulnerabilities. According to Ponemon Institute, it takes an average of 43 days to see a…
2018 Year in Review: Old Known Security Vulnerabilities Still Wreak Havoc

Information Security, IT Support
In 2018, publicly known security vulnerabilities continued to be exploited by cyber criminals. One of these known security vulnerabilities is WannaCry, a malicious software (malware) thought to be “old news”, but it still continues to hunt for its next victim.

What Is WannaCry?

WannaCry is known for infecting more than 300,000 computers in 150 countries in less than 24 hours on May 12, 2017. WannaCry attackers infiltrated these hundreds of thousands of computers by using EternalBlue, which refers to both the software vulnerability in Microsoft's Windows operating system and the exploit believed to be developed by the U.S. National Security Agency (NSA). Just a few days before the May 16th WannaCry attack, that is, on April 14, 2017, the EternalBlue exploit…