The Biggest Vulnerabilities that Hackers are Feasting on Right…

Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.

The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more. It’s like a game of “whack-a-mole” to keep your systems secure.

Keeping up with new vulnerabilities is one of the top priorities of IT management firms. It’s important to know which software and operating systems are being attacked.

Without ongoing patch and update management, company networks are vulnerable. And these attacks are completely avoidable. 82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities. This is a global problem.

What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA).

Make Sure to Patch Any of These Vulnerabilities in Your Systems

Microsoft Vulnerabilities

Microsoft vulnerabilities include those in three of its products. Internet Explorer (IE) is one of them. Microsoft discontinued IE in June of 2022. You should remove this from any computers that still have it installed.

You’ll see the acronym “CVE” used in the vulnerability names. This is an industry-standard naming structure. It stands for Common Vulnerabilities and Exposures.

Here is a rundown of these vulnerabilities and what a hacker can do:

• CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of code. This is a “critical” vulnerability because of the damage it enables. Hackers can release this via a website. Thus, formerly safe sites can become phishing sites when hackers exploit this loophole.
• CVE-2013-1331: This is a flaw in the code for Microsoft Office 2003 and Office 2011 for Mac. It enables hackers to launch remote attacks. It exploits a vulnerability in Microsoft’s buffer overflow function. This allows hackers to execute dangerous code remotely.
• CVE-2012-0151: This issue impacts the Authenticode Signature Verification function of Windows. It allows user-assisted attackers to execute remote code on a system. “User-assisted” means that they need the user to assist in the attack. Such as by opening a malicious file attachment in a phishing email.

Google Vulnerabilities

Google Chrome and applications built using Google’s Chromium V8 Engine are also on the list. These applications are targets of the following vulnerabilities.

• CVE-2016-1646 & CVE-2016-518: These both allow attackers to conduct denial of service attacks. They do this against websites through remote control. This means they can flood a site with so much traffic that it crashes.
• Those aren’t the only two code flaws that allow hackers to crash sites this way. Two others, CVE-2018-17463 and CVE-2017-5070 both do the same thing. And like all these others, have patches already issued that users can install to fix these holes.

Adobe Vulnerabilities

People use Adobe Acrobat Reader widely to share documents. It makes it easy to share them across different platforms and operating systems. But it’s also a tool that’s on this list of popular vulnerabilities.

• CVE-2009-4324: This is a flaw in Acrobat Reader that allows hackers to execute remote code via a PDF file. This is why you can’t trust that a PDF attachment is going to be safer than other file types. Remember this when receiving unfamiliar emails.
• CVE-2010-1297: This memory corruption vulnerability. It allows remote execution and denial of service attacks through Adobe Flash Player. Like IE, the developer retired Flash Player. It no longer receives support or security updates. You should uninstall this from all PCs and websites.

Netgear Vulnerability

Netgear is a popular brand of wireless router. The company also sells other internet-connected devices. These are also vulnerable, due to the following flaws.

• CVE-2017-6862: This flaw allows a hacker to execute code remotely. It also enables bypassing any needed password authentication. It’s present in many different Netgear products.

Cisco Vulnerability

• CVE-2019-15271: This is a vulnerability in the buffer overflow process of Cisco RV series routers. It gives a hacker “root” privileges. This means they can basically do anything with your device and execute any code they like.

Patch & Update Regularly!

These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added here.

How do you keep your network safe from these and other vulnerabilities? You should patch and update regularly. Work with a trusted IT professional to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.

Automate Your Cybersecurity Today

Patch and update management is just one way that we can automate your cybersecurity. Learn how else we can help by scheduling a consultation today.

—
Featured Image Credit

This Article has been Republished with Permission from .

Small Businesses Are Attacked by Hackers 3x More than…

Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want? Didn’t think they even knew about your small business.

Well, a new report by cybersecurity firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security.

Barracuda Networks found something alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.

Why Are Smaller Companies Targeted More?

There are many reasons why hackers see small businesses as low-hanging fruit. And why they are becoming larger targets of hackers out to score a quick illicit buck.

Small Companies Tend to Spend Less on Cybersecurity

When you’re running a small business, it’s often a juggling act of where to prioritize your cash. You may know cybersecurity is important, but it may not be at the top of your list. So, at the end of the month, cash runs out, and it’s moved to the “next month” wish list of expenditures.

Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus program and think that’s enough to cover them. But with the expansion of technology to the cloud, that’s just one small layer. You need several more for adequate security.

Hackers know all this and see small businesses as an easier target. They can do much less work to get a payout than they would, trying to hack into an enterprise corporation.

Every Business Has “Hack-Worthy” Resources

Every business, even a 1-person shop, has data that’s worth scoring for a hacker. Credit card numbers, SSNs, tax ID numbers, and email addresses are all valuable. Cybercriminals can sell these on the Dark Web. From there, other criminals use them for identity theft.

Here are some of the data that hackers will go after:

• Customer records
• Employee records
• Bank account information
• Emails and passwords
• Payment card details

Small Businesses Can Provide Entry Into Larger Ones

If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies. This can include digital marketing, website management, accounting, and more.

Vendors are often digitally connected to certain client systems. This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus. They can get two companies for the work of one.

Small Business Owners Are Often Unprepared for Ransomware

Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organizations experienced ransomware attacks.

The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.

Even if a hacker can’t get as much ransom from a small business as they can from a larger organization, it’s worth it. They often can breach more small companies than they can larger ones.

When companies pay the ransom, it feeds the beast and more cyber criminals join in. And those newer to ransomware attacks will often go after smaller, easier-to-breach companies.

Employees at Smaller Companies Usually Aren’t Trained in Cybersecurity

Another thing is not usually high on the list of priorities for a small business owner. We’re talking about ongoing employee cybersecurity training. They may be doing all they can just to keep good staff. Plus, priorities are often sales and operations.

Training employees on how to spot phishing and password best practices often isn’t done. This leaves networks vulnerable to one of the biggest dangers, human error.

In most cyberattacks, the hacker needs help from a user. It’s like the vampire needing the unsuspecting victim to invite them inside. Phishing emails are the device used to get that unsuspecting cooperation.

Phishing causes over 80% of data breaches.

A phishing email sitting in an inbox can’t usually do anything. It needs the user to either open a file attachment or click a link that will take them to a malicious site. This then launches the attack.

Teaching employees how to spot these ploys can significantly increase your cybersecurity. Security awareness training is as important as having a strong firewall or antivirus.

Need Affordable IT Security Services for Your Small Business?

Reach out today to schedule a technology consultation. We offer affordable options for small companies. This includes many ways to keep you protected from cyber threats.

—
Featured Image Credit

This Article has been Republished with Permission from .

You Need to Watch Out for Reply-Chain Phishing Attacks

Phishing. It seems you can’t read an article on cybersecurity without it coming up. That’s because phishing is still the number one delivery vehicle for cyberattacks.

A cybercriminal may want to steal employee login credentials. Or wish to launch a ransomware attack for a payout. Or possibly plant spyware to steal sensitive info. Sending a phishing email can do them all

80% of surveyed security professionals say that phishing campaigns have significantly increased post-pandemic.

Phishing not only continues to work, but it’s also increasing in volume due to the move to remote teams. Many employees are now working from home. They don’t have the same network protections they had when working at the office.

Why has phishing continued to work so well after all these years? Aren’t people finally learning what phishing looks like?

It’s true that people are generally more aware of phishing emails and how to spot them than a decade ago. But it’s also true that these emails are becoming harder to spot as scammers evolve their tactics.

One of the newest tactics is particularly hard to detect. It is the reply-chain phishing attack.

What is a Reply-Chain Phishing Attack?

Just about everyone is familiar with reply chains in email. An email is copied to one or more people, one replies, and that reply sits at the bottom of the new message. Then another person chimes in on the conversation, replying to the same email.

Soon, you have a chain of email replies on a particular topic. It lists each reply one under the other so everyone can follow the conversation.

You don’t expect a phishing email tucked inside that ongoing email conversation. Most people are expecting phishing to come in as a new message, not a message included in an ongoing reply chain.

The reply-chain phishing attack is particularly insidious because it does exactly that. It inserts a convincing phishing email in the ongoing thread of an email reply chain.

How Does a Hacker Gain Access to the Reply Chain?

How does a hacker gain access to the reply chain conversation? By hacking the email account of one of those people copied on the email chain.

The hacker can email from an email address that the other recipients recognize and trust. They also gain the benefit of reading down through the chain of replies. This enables them to craft a response that looks like it fits.

For example, they may see that everyone has been weighing in on a new product idea for a product called Superbug. So, they send a reply that says, “I’ve drafted up some thoughts on the new Superbug product, here’s a link to see them.”

The link will go to a malicious phishing site. The site might infect a visitor’s system with malware or present a form to steal more login credentials.

The reply won’t seem like a phishing email at all. It will be convincing because:

• It comes from an email address of a colleague. This address has already been participating in the email conversation.
• It may sound natural and reference items in the discussion.
• It may use personalization. The email can call others by the names the hacker has seen in the reply chain.

Business Email Compromise is Increasing

Business email compromise (BEC) is so common that it now has its own acronym. Weak and unsecured passwords lead to email breaches. So do data breaches that reveal databases full of user logins. Both are contributors to how common BEC is becoming.

In 2021, 77% of organizations saw business email compromise attacks. This is up from 65% the year before.

Credential theft has become the main cause of data breaches globally. So, there is a pretty good chance of a compromise of one of your company’s email accounts at some point.

The reply-chain phishing attack is one of the ways that hackers turn that BEC into money. They either use it to plant ransomware or other malware or to steal sensitive data to sell on the Dark Web.

Tips for Addressing Reply-Chain Phishing

Here are some ways that you can lessen the risk of reply-chain phishing in your organization:

• Use a Business Password Manager:

This reduces the risk that employees will reuse passwords across many apps. It also keeps them from using weak passwords since they won’t need to remember them anymore.

• Put Multi-Factor Controls on Email Accounts:

Present a system challenge (question or required code). Using this for email logins from a strange IP address can stop account compromise.

• Teach Employees to be Aware:

Awareness is a big part of catching anything that might be slightly “off” in an email reply. Many attackers do make mistakes.

How Strong Are Your Email Account Protections?

Do you have enough protection in place on your business email accounts to prevent a breach? Let us know if you’d like some help! We have email security solutions that can keep you better protected.

—
Featured Image Credit

This Article has been Republished with Permission from .

What Should You Do to Reduce Risk When Your…

Few things invoke instant panic like a missing smartphone or laptop. These devices hold a good part of our lives. This includes files, personal financials, apps, passwords, pictures, videos, and so much more.

The information they hold is more personal than even that which is in your wallet. It’s because of all your digital footprints. This makes a lost or stolen device a cause for alarm.

It’s often not the device that is the biggest concern. It’s the data on the device and access the device has to cloud accounts and websites. The thought of that being in the hands of a criminal is quite scary.

There are approximately 70 million lost smartphones every year. The owners only recover about 7% of them. Workplace theft is all too common. The office is where 52% of stolen devices go missing.

If it’s a work laptop or smartphone that goes missing, even worse. This can mean the company is subject to a data privacy violation. It could also suffer a ransomware attack originating from that stolen device.

In 2020, Lifespan Health System paid a $1,040,000 HIPAA fine. This was due to an unencrypted stolen laptop breach.

The Minutes After the Loss of Your Device Are Critical

The things you do in the minutes after missing a device are critical. This is the case whether it’s a personal or business device. The faster you act, the less chance there is for exposure of sensitive data.

What Types of Information Does Your Device Hold?

When a criminal gets their hands on a smartphone, tablet, or laptop, they have access to a treasure trove. This includes:

• Documents
• Photos & videos
• Access to any logged-in app accounts on the device
• Passwords stored in a browser
• Cloud storage access through a syncing account
• Emails
• Text messages
• Multi-factor authentication prompts that come via SMS
• And more

Steps to Take Immediately After Missing Your Device

As we mentioned, time is of the essence when it comes to a lost mobile device. The faster you act, the more risk you mitigate for a breach of personal or business information.

Here are steps you should take immediately after the device is missing.

Activate a “Lock My Device” Feature

Most mobile devices and laptops will include a “lock my device” feature. It allows for remote activation if you have enabled it. You will also need to enable “location services.” While good thieves may be able to crack a passcode, turning that on immediately can slow them down.

What about “find my device?”

There is usually also a “find my device” feature available in the same setting area. Only use this to try to locate your device if you feel it’s misplaced, but not stolen. You don’t want to end up face to face with criminals!

Report the Device Missing to Your Company If It’s Used for Work

If you use the device for business, notify your company immediately. Even if all you do is get work email on a personal smartphone, it still counts. Many companies use an endpoint device manager. In this case, access to the company network can be immediately revoked.

Reporting your device missing immediately can allow your company to act fast. This can often mitigate the risk of a data breach.

Log Out & Revoke Access to SaaS Tools

Most mobile devices have persistent logins to SaaS tools. SaaS stands for Software as a Service. These are accounts like Microsoft 365, Trello, Salesforce, etc.

Use another device to log into your account through a web application. Then go to the authorized device area of your account settings. Locate the device that’s missing, and log it out of the service. Then, revoke access, if this is an option.

This disconnects the device from your account so the thief can’t gain access.

Log Out & Revoke Access to Cloud Storage

It’s very important to include cloud storage applications when you revoke access. Is your missing device syncing with a cloud storage platform? If so, the criminal can exploit that connection.

They could upload a malware file that infects the entire storage system. They could also reset your device to resell it, and in the process delete files from cloud storage.

Active a “Wipe My Device” Feature

Hopefully, you are backing up all your devices. This ensures you have a copy of all your files in the case of a lost device.

Does it look like the device is not simply misplaced, but rather stolen or lost for good? If so, then you should use a remote “wipe my device” feature if it has been set up. This will wipe the hard drive of data.

Need Mobile Device Security Solutions?

No matter what size company you have, mobile device management is vital. Contact us to learn more about our endpoint security solutions.

—
Featured Image Credit

This Article has been Republished with Permission from .