Tag: vulnerability

Top Most Exploited Vulnerabilities in the COVID-19 Era

Information Security, IT Support
The year 2020 is a strange year. As a result of the COVID-19 pandemic, many organizations have hastily transitioned from office work to a work-from-home model, with little time to put the needed cybersecurity measures in place. Here are the most exploited vulnerabilities (in no particular order), based on alerts issued by national cybersecurity centers and agencies in multiple countries, including Canada (Canadian Centre for Cyber Security), the US (Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation) and the UK (National Cyber Security Centre), as well as a report from a computer security company (McAfee Labs). RDP Vulnerabilities: RDP, which stands for Remote Desktop Protocol, is a proprietary protocol developed by Microsoft for Windows operating systems,…

Microsoft Warns of Windows Zero-Day Exploitation

Information Security, IT Support
Microsoft has revealed that it’s aware of ongoing targeted cyberattacks exploiting two zero-day vulnerabilities found in the Windows Adobe Type Manager Library and impacting all supported versions of Windows. What Is Zero-Day? A zero-day is a security vulnerability in software that’s known to the software vendor, but for which the vendor doesn’t have a security update, also known as a patch, to fix it. If this zero-day vulnerability is known by malicious actors, it has the potential to be exploited. According to Microsoft, two zero-day remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. Successful exploitation of this collective vulnerability in Windows Adobe Type Manager…

Time to Patch: New Wormable Vulnerabilities Found in Modern Versions of Windows

Information Security, IT Support
Microsoft is advising Windows users, including users of modern versions of Windows, to apply the recently released security update, as this latest update fixes 2 wormable vulnerabilities. What Is a Wormable Vulnerability? A wormable vulnerability is a security vulnerability in which future malicious software (malware) that exploits it could spread from vulnerable computer to vulnerable computer without user interaction, specifically replicating itself in order to spread to other computers. CVE-2019-1181 and CVE-2019-1182 are the 2 wormable vulnerabilities that Microsoft fixed in its latest update. Both CVE-2019-1181 and CVE-2019-1182 allow an attacker to send a specially crafted request to the target Windows systems via Remote Desktop Protocol (RDP) – a proprietary protocol developed by Microsoft, allowing a user to connect…

Time to Patch: BlueKeep Exploit Is Now Up For Sale

Information Security, IT Support
A U.S. company has recently made available, for a fee, a BlueKeep exploit that takes advantage of a security vulnerability in the Remote Desktop Protocol (RDP) service included in older versions of the Windows operating system. While the commercial availability of this BlueKeep exploit gives legitimate cybersecurity professionals a tool to detect exposed RDP-enabled systems, it also gives malicious actors an opportunity to pirate or legitimately buy this tool for malicious activities. What Is BlueKeep? BlueKeep, officially known as CVE-2019-0708, is a vulnerability in the Remote Desktop Protocol (RDP) service included in Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP. Remote Desktop Protocol, commonly referred to as RDP, is a proprietary protocol developed by…

New Report Shows Security Vulnerabilities in Some VPN Products. Is Your Organization at Risk?

Information Security, News
The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert that enterprise Virtual Private Network (VPN) products made by Cisco, Palo Alto Networks, F5 Networks and Pulse Secure have vulnerabilities that could compromise the security of users. The alert was issued in response to the disclosure made by the CERT Coordination Center (CERT/CC), the coordination center of the computer emergency response team for the Software Engineering Institute at Carnegie Mellon University. The following VPN products and versions, according to CERT/CC, store the cookie insecurely in log files: Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS (CVE-2019-1573); Pulse Secure Connect Secure prior to 8.1R14,…

Software Updates: Gateway for Supply Chain Attacks

Information Security, IT Support, Security
The confirmation by Taiwan-based tech giant ASUS that its software update was hijacked by cybercriminals to install malicious software (malware) on its customers’ notebook computers highlights the threat of supply chain attacks via software updates. A supply chain attack attempts to exploit a security vulnerability in a third-party service or software to compromise a final target. A hijacked software update is one of the most common forms of supply chain attack. Last March 26, ASUS, ranked by Gartner as the world's 5th-largest PC vendor in the 3rd quarter of 2018, asked its notebook computer customers to install the latest software update (version 3.6.8) after acknowledging that ASUS Live Update, a pre-installed software in ASUS notebook computers to ensure that the system always benefits from…

More than Half of Cyberattacks Exploit Tools that Already Exist on Targeted Computers, Study Shows

Information Security, IT Support, Security
A study conducted by IBM showed that more than half of cyberattacks exploit common administration tools or tools that already exist on targeted computers. IBM’s 2019 X-Force Threat Intelligence Index showed that more than half, or 57%, of cyberattacks leveraged common administration tools, in the process evading detection, maintaining persistence and achieving their objectives. Living Off the Land: “Living off the land” is the term used for cyberattacks that leverage tools that already exist on targeted computers. This type of cyberattack blends in with common administration work, making detection more difficult. According to IBM, one of the common administration tools that’s often used by cyberattackers is PowerShell. What Is PowerShell? PowerShell is a…

How SMBv1 Leaves Your Organization’s Server Open to Cyberattacks

Information Security, Servers
Servers are the core of every organization’s I.T. operations. Many organizations, however, leave this core component open to cyberattacks through SMBv1. What Is SMBv1? SMBv1, which stands for Server Message Block version 1, was created by Barry Feigenbaum in the early 80s as a file sharing protocol for DOS. In the 90s, Microsoft started using SMBv1 in its operating systems as a protocol for sharing access to files, printers and other resources on a network. SMBv2, which stands for Server Message Block version 2, was introduced in Windows Vista and Windows Server 2008. SMBv3 was introduced in Windows 8 and Windows Server 2012. In 2014, Microsoft publicly regarded SMBv1 as obsolete and best avoided. SMBv1 isn’t installed by default in the…

Critical Flaw in Apache Struts Exposes Businesses to Cyberattack

Information Security
A critical flaw in Apache Struts, an open source tool used by many businesses in creating web applications, has recently been uncovered by a cybersecurity researcher at Semmle. What Is Apache Struts? Apache Struts is a popular open source tool for creating web applications. According to the Apache Software Foundation, the non-profit organization that oversees Apache Struts projects, most organizations – including the Fortune 100 companies – are using Apache Struts for their enterprise web applications. Latest Security Vulnerability in Apache Struts: The latest security vulnerability uncovered by Semmle researcher Man Yue Mo in Apache Struts can provide an attacker an entry point into corporate networks. “This vulnerability affects commonly-used endpoints of Struts, which are likely to be exposed, opening up an…

Race to Patch Known Cybersecurity Vulnerabilities

Information Security, Security
More than a month since Microsoft rolled out its April 30, 2018 update on Windows 10, the company said nearly 250 million, or one-third, of the nearly 700 million computers using Windows 10 have applied this update. This Microsoft data shows that nearly 450 million, or two-thirds, of machines using Windows 10 as their operating system (OS) haven’t applied the April 2018 patch. Prevalence of Delayed Patching: A patch is a piece of code that’s inserted (or patched) into an existing software program. It’s meant to improve performance or usability, or to fix known cybersecurity vulnerabilities. It’s a known fact that many organizations don’t patch immediately. Researchers at Rendition revealed that more than a month after Microsoft released its March 2017 update, over 148,000 machines hadn’t…
