Security Vulnerabilities: Doesn’t it sound exciting? (But essential for all businesses)
Call it whatever you want.
But queuing must surely be one of the frustrating things we must do.
9/11 brought enhanced airport screening, which is now commonplace across Melbourne at significant events.
Think the footy, Formula 1, tennis and even, at times, conferences.
And the pandemic only aggravated it more with QR codes and a Covid marshall needing to check it.
For many, they are just going through the motions.
You’re standing around.
And you are looking at your phone.
Making small talk to the bloke next to you.
Casually glancing at your Apple Watch, hoping time is not standing still.
It feels like you haven’t moved.
So why are you queuing to be screened?
It probably seems obvious.
Here’s the thing, most people aimlessly go through this process, whether it’s at Tullamarine, Marvel Stadium or Phillip Island for MotoGP.
It’s what we do.
Seriously, pause for a moment.
Stop reading this article.
…now, as yourself, how would you feel if there was no security screening?
Every punter wanders straight into the venue.
Maybe you think it would be easier.
But as inconvenient it is, you know better.
Security is there to protect you, your mates and your family at massive events.
Now back to that Apple Watch you have on your wrist to keep you healthy (and productive).
Did you know the Cybersecurity and Infrastructure Security Agency (CISA) has recently warned of new security vulnerabilities?
Apple, alongside apps and software by Google and Adobe, is impacted.
Yes, even apps on your Apple Watch could be vulnerable.
What is a security vulnerability?
These security vulnerabilities are known in the industry as Common Vulnerabilities and Exposures (CVE).
Let’s break it down.
Basically, software developers like Microsoft issue security patches regularly. A security patch or update fixes (“patches”) a flaw in a code for the app or software. This flaw could help hackers access your systems with mischievous, criminal or corrupt intent.
So when Microsoft issued four security patches to SMEs in September 2021, it was to stop hackers from compromising Microsft Exchange servers.
That’s why your business must have regular patches and updates planned. And you act when advised of “zero-day” security patches. When you receive a patch, your IT System Engineer should install it immediately. Or the software or app may be vulnerable to attack.
Not acting quickly gives hackers more time to identify flaws in the code that the patch protects.
Here’s what businesses need to know about security vulnerabilities
Microsoft vulnerabilities include those in three products, including Internet Explorer (IE). In June 2022, Microsoft discontinued support for Internet Explorer.
You should remove Internet Explorer from all computers and devices.
Here are Microsoft vulnerabilities to be aware of:
- CVE-2012-4969: This Internet Explorer vulnerability allows for the remote execution of code. It is a critical vulnerability due to the potential damage it could cause to your business. Hackers can release this via a website. And sites that were once safe can become phishing sites.
- CVE-2013-1331: This is a Microsoft Office 2003 and Office 2011 for Mac code flaw. Hackers can launch remote attacks exploiting a vulnerability in Microsoft’s buffer overflow function. Then, the hackers can remotely execute dangerous code.
- CVE-2012-0151: This issue impacts Microsoft Window’s Authenticode Signature Verification function. The vulnerability allows user-assisted attackers to execute remote code on a system. A user-assisted attack requires the user to complete the attack. For example, you receive a phishing email with a malicious file you open.
Google Chrome and apps built using Chromium V8 engine vulnerabilities
Businesses must consider vulnerabilities with Google Chrome and applications built using Google’s Chromium V8 Engine.
The following applications are targets of these vulnerabilities:
- CVE-2016-1646 and CVE-2016-518: These both allow attackers to conduct denial of service attacks. They use a remote control against a website to carry out the attack. Then the hackers flood the site with a massive traffic volume, causing the website to crash.
- CVE-2018-17463 and CVE-2017-5070 also allow hackers to crash sites.
You can already access and install the security patches to fix.
Adobe Suite Vulnerabilities
Many Melbourne SMEs use Adobe Acrobat Reader to share documents across their company. It is easy to transfer documents across different platforms and operating systems.
Yet, Adobe has security vulnerabilities as well:
- CVE-2009-4324: Acrobat Reader has a flaw allowing hackers to execute remote code via a PDF file. That’s why you can’t assume a PDF attachment will be safer than other file types. Reminding employees to be cautious when opening an unfamiliar email with an attachment would be best.
- CVE-2010-1297: Adobe Flash Player has a memory corruption vulnerability. And allowing the hackers to execute denial of service attacks through Adobe Flash Player remotely. Like Internet Explorer, Microsoft has retired Abode Flash Player. And it no longer receives support or security updates. That’s why it’s vital to it uninstall Adobe Flash Player from all computers.
Netgear and Cisco Vulnerability
Netgear offers a range of internet-connected devices, including its popular wireless router. Likewise, Cisco sells a range of internet-related devices, including servers and routers.
Netgear and Cisco security vulnerabilities to consider:
- CVE-2017-6862: The hacker can execute code remotely by bypassing password authentication. This security vulnerability is found in many different Netgear products.
- CVE-2019-15271: This vulnerability in the buffer overflow process of Cisco RV series routers. It gives a hacker “root” privileges. They can do anything with your device and execute any code they like.
How do Melbourne businesses protect their network from security vulnerabilities?
These are a handful of the security vulnerabilities listed on the CISA list.
You can see all thirty-six security vulnerabilities that were added here.
You must regularly patch and update software. And choose to work with a trusted IT professional who can manage your devices and software updates, protecting you from a cyber threat.
Do you need help with cybersecurity?
We get it.
Managing and planning security patches and updates can be challenging.
Let us help you, reach out today.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.