The Biggest Vulnerabilities that Hackers are Feasting on Right Now

Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.

The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more. It’s like a game of “whack-a-mole” to keep your systems secure.

Keeping up with new vulnerabilities is one of the top priorities of IT management firms. It’s important to know which software and operating systems are being attacked.

With ongoing patch and update management, company networks are protected. And these attacks are entirely avoidable. 82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities. This is a global problem.

What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA).

Make Sure to Patch Any of These Vulnerabilities in Your Systems

Microsoft Vulnerabilities

Microsoft vulnerabilities include those in three of its products. Internet Explorer (IE) is one of them. Microsoft discontinued IE in June of 2022. You should remove this from any computers that still have it installed.

You’ll see the acronym “CVE” used in the vulnerability names. This is an industry-standard naming structure. It stands for Common Vulnerabilities and Exposures.

Here is a rundown of these vulnerabilities and what a hacker can do:

CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of code. This is a “critical” vulnerability because of the damage it enables. Hackers can release this via a website. Thus, formerly safe sites can become phishing sites when hackers exploit this loophole.

• CVE-2013-1331: This is a flaw in the code for Microsoft Office 2003 and Office 2011 for Mac. It enables hackers to launch remote attacks. It exploits a vulnerability in Microsoft’s buffer overflow function. This allows hackers to execute dangerous code remotely.
• CVE-2012-0151: This issue impacts the Authenticode Signature Verification function of Windows. It allows user-assisted attackers to execute remote code on a system. “User-assisted” means they need the user to assist in the attack. Such as by opening a malicious file attachment in a phishing email. 

Google Vulnerabilities

Google Chrome and applications built using Google’s Chromium V8 Engine are also on the list. These applications are targets of the following vulnerabilities.

• CVE-2016-1646 & CVE-2016-518: These allow attackers to conduct denial of service attacks. They do this against websites through remote control. This means they can flood a site with so much traffic that it crashes.

• Those aren’t the only code flaws that allow hackers to crash sites this way. Two others, CVE-2018-17463 and CVE-2017-5070, both do the same thing. And like all these others, have patches already issued that users can install to fix these holes.

Adobe Vulnerabilities

People use Adobe Acrobat Reader widely to share documents. It makes it easy to share them across different platforms and operating systems. But it’s also a tool that’s on this list of prevalent vulnerabilities. 

• CVE-2009-4324: This flaw in Acrobat Reader allows hackers to execute remote code via a PDF file. This is why you can’t trust that a PDF attachment will be safer than other file types. Remember this when receiving unfamiliar emails.
• CVE-2010-1297: This memory corruption vulnerability. It allows remote execution and denial of service attacks through Adobe Flash Player. Like IE, the developer retired Flash Player. It no longer receives support or security updates. It would be best if you uninstalled this from all PCs and websites.

Netgear Vulnerability

Netgear is a popular brand of wireless router. The company also sells other internet-connected devices. These are also vulnerable due to the following flaws. 

• CVE-2017-6862: This flaw allows a hacker to execute code remotely. It also enables bypassing any needed password authentication. It’s present in many different Netgear products.

<H3>Cisco Vulnerability</H3>

• CVE-2019-15271: This is a vulnerability in the buffer overflow process of Cisco RV series routers. It gives a hacker “root” privileges. This means they can do anything with your device and execute any code they like.

Patch & Update Regularly!

These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added here.

How do you keep your network safe from these and other vulnerabilities?  You should patch and update regularly. Work with a trusted IT professional to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.

Automate Your Cybersecurity Today

Patch and update management is just one way that we can automate your cybersecurity. Learn how else we can help by scheduling a consultation today.

Do you need the best IT Support for your business?

You need the best IT support in London. Technology is complicated and expensive. It’s so hard to maintain everything and know what to do when something breaks or goes wrong. IT problems can really put a damper on your day. They’re frustrating, time-consuming, and can seem like a never-ending cycle of issues.

We’re unique because…

• We don’t tie our clients into long-term contracts we don’t feel the need to
• We don’t enforce our technical stack on you | each client’s needs are bespoke, and we work for you, not for us
• We have 5* Google ratings from genuinely satisfied clients
• 80% of our growth has been through current client referrals
• We’re proud to have 100% client retention since Penntech was established
• We’ve achieved the above through our customer obsession, passion for innovation, and commitment to service excellence.  Everyone could say that but ask our current clients.

We’re always just a phone call away; we live and breathe IT services. We’re here to help your business with anything that could go wrong with your systems or devices. We’re ready to solve any problem you throw our way!

Contact us today or explore the range of support packages on offer.

 
 
 
 
 
 
 
  
 
 
  
 
 Me Mo 
 
10 February 2023
 
 
  
We cannot recommend Penntech highly enough for their continuous IT support, we have worked with them for years and there is truly nothing that they cannot solve or help with. Their vast amount of knowledge and speed in response is second to none.
  
 
  
 
 
  
 
 Alasdair Gray 
 
6 February 2023
 
 
  
We have been using Penntech for around 6 years now and have had a great experience. Every member of the team we interreact with is friendly and helpful and our queries are always answered quickly.
  
 
  
 
 
  
 
 Chris Sheasby 
 
22 March 2021
 
 
  
I've known Lewis since working with him at CIFF in 2011.  More recently, he has built-up an excellent business which supports a number of my past and present clients.  He also supports my business.  Lewis is first rate and equally importantly, he has built a good team around him to provide quality, responsive IT support.  I can't recommend Penntech highly enough.
  
 
  
 
 
  
 
 Rebecca Groves 
 
20 July 2020
 
 
  
Penntech have worked with us for a number of years now and have always gone above and beyond to provide an efficient professional service in every circumstance. Their friendly responsive approach is refreshing and nothing is too big or too small to assist with.
  
 
  
 
 
  
 
 nick groves 
 
20 July 2020
 
 
  
Lewis and his team are fantastic! Highly recommended
  
 
  
 
 
  
 
 Demstone Chambers 
 
29 May 2020
 
 
  
Friendly and approachable, but also excellent technically. As a barristers chambers  we have industry-specific data protection requirements. Penntech showed in-depth knowledge about the interaction between these requirements and technical IT aspects.
  
 
  
 
 
  
 
 Marion Caillat 
 
20 May 2020
 
 
  
Penntech helped us migrate and merge our inbox's for our small restaurant and bar group. They were super efficient and got everything done within 24 hours. I highly recommend them and will be using them again.
  
 
  
 
 
  
 
 Jonathan Davies 
 
18 May 2020
 
 
  
Heartstyles have worked with Penntech for 3 years. The initial brief to sort out our global IT requirements. Penntech have always been refreshing clear in their comms, avoiding IT gobbledygook. No job has been too small to support and they always deliver above and beyond what was required and within budget. They clearly know what they’re doing and the level of service is always outstanding
  
 
  
 
 
  
 
 leigh ryan 
 
18 May 2020
 
 
  
Lewis and the team at Penntech are seen very much as an extension of our business. They are professional, technically brilliant, don't over complicate things, very friendly and the staff feel comfortable dealing with them on a daily basis.  They have a good understanding of our needs and go above and beyond to ensure we can get on with our day to day business, safe in the knowledge that if anything goes wrong technically that Penntech will resolve it efficiently. Leigh Ryan, CIO, MGAM Ltd
  
 
  
 
 
 
 
 
 
 Google rating score: 5.0 of 5, based on 24 reviews