Three cyber holes to be aware of
Three cyber weaknesses you can prevent.
The list of computer vulnerabilities is growing rapidly right now. While this is an ongoing trend, the pace has picked up of late. Some may blame Russia, but in truth, they’re just one part of the problem. The reality is that the bulk of attacks are for financial gain, and it’s an extremely lucrative business – it’s the wild west, and anyone can rob any bank anywhere in the world. In this case, of course, we mean that anyone with a computer can hack another computer anywhere in the world. Here are three to be aware of.
OpenSSL VPN Software
Many firewalls and other VPN solutions utilize a technology called OpenSSL. OpenSSL is open-source software that last year was discovered to have some critical vulnerabilities. We wrote about it then, and we warned our readers that this vulnerability was likely to be around for a long time to come. Here’s why: because this code is embedded in the hardware of many leading firewalls, unless users manually ran updates on those devices, this hole would continue to exist. Lo and behold, last week CISA released an alert regarding a newly released patch for two known vulnerabilities. We continue to be concerned about this vulnerability because we know many users are unable to update their affected devices.
Yes, ransomware is alive and well and still growing exponentially year over year. The latest alert, on the Venus ransomware, comes from our friends at HC3 (Health Sector Cybersecurity Coordination Center), although Venus is attacking every industry with equal vigor. Here’s what’s making it dangerous – it’s exploiting Remote Desktop Protocol (RDP) ports, as opposed to relying upon email phishing. And if you think you’re tricky because you changed the default ports that RDP uses, not so fast: Venus has that figured out too. We are once again recommending using a VPN for remote connectivity as one of your defenses. Call us if you want to ensure your guard is up against this and other strains of ransomware.
Meta, oh Meta
It’s been a bad week for Meta, and we don’t mean to pile on, but they have it coming. Some of the tools Meta provides (for free) are utilized by website builders to handle numerous tasks, among them assisting in online scheduling applications. What they didn’t tell people is that Meta maintained a backdoor to exfiltrate this data. Hospitals and others have been cited for HIPAA violations for utilizing this code. While not a classic vulnerability, it’s on our list because it’s free software, and much like OpenSSL, it’s causing problems for users.
This is a very short list relative to how much cyber-alert activity is occurring right now. Chances are if you aren’t making a conscious effort on a regular basis to ensure you’re protected, you aren’t. If you aren’t paying a professional IT company to manage your IT, then you are tempting fate. Keep in mind, many small businesses that are hit with a cyberattack never recover. Call us to see if you are a fit for our managed services offerings.
Finally, in January we are going to migrate our HIPAA Reminders to our parent company, Acentec. The content will remain largely unchanged and will still be relevant for our healthcare clients, but they will be sent from our Acentec email address.