Cynch Security


Eleven Unpatched Vulnerabilities

While your business might be taking a bit of a break over the holidays, there will be plenty of cyber criminals still working hard trying to break into systems. Fortunately, software and hardware vendors also do their best to stay on top of things over this period and will continue to patch vulnerabilities they learn of. Applying patches and updates might not be high on your Christmas list, but it’s no less important in December and January than it is at any other time of the year.

Just in case you need a reminder of why installing updates is important, here are a few vulnerabilities that have popped up over the past year:

January: Netgear patched a serious vulnerability in many of its home and small office network routers just a month after they’d fixed a similar issue.

February: Around 1.5 million WordPress websites were hacked after a vulnerability patched the week before was disclosed.

February (cont.): Cloudflare, a commonly used website security solution, patched a bug known as Cloudbleed that may have leaked website owners' passwords.

March: Popular password management platform LastPass patched some serious vulnerabilities discovered in its web browser plugins. 

March (cont.): A common component of web servers called Apache Struts was patched. Equifax was one company running this software and, after leaving it unpatched for 4 months, became the victim of one of the most serious data breaches of all time.

March (cont.): Microsoft also released patches this month for vulnerabilities known as EternalBlue & DoublePulsar. These were the vulnerabilities used 2 months later in the massive WannaCry ransomware attack.

June: Vulnerabilities were discovered in Microsoft Windows Defender and quickly patched via automatic updates.

July: The popular web conferencing platform Webex patched critical vulnerabilities in its web browser plugins that could have exposed meetings to hackers.

September: A bug in Bluetooth called BlueBorne was discovered that could have spread like a virus if not patched.

October: The KRACK WiFi vulnerability was discovered, affecting pretty much every WiFi device. Patches for this one are still being released.

November: Apple’s macOS High Sierra operating system was found to have a bug that gave anyone with access full administrative control. This was quickly patched within a day or so but broken again by another patch.


We don’t know what the next vulnerability will be, but we can be sure there will be one that needs patching soon. Before you break for the year, run updates on all your systems and apply any security patches. When you get back from break, do the same, and if you’re working over the break, remember:

Patch early and patch often

 

You can find some more advice on how to keep up to date with patches in your business here:

https://www.staysmartonline.gov.au/protect-your-business/protect-your-assets/software-updates-business

 

Sign up for our FREE 12 Days of Threatmas program for information and advice on how to deal with some of the unique cybersecurity threats your business may run into over the holiday period.