What are Zero-Day Vulnerabilities?

Backup, Ophtek, PC Security, Updates, Windows vulnerability, zero-day, , , ,
05
Mar 2019

Zero-day vulnerabilities are frequently referenced in regards to PC security, but it’s also a term which most PC users will be completely unaware of.

Any vulnerability that is present in your organization’s IT network poses a significant danger to the security of your data and equipment. Educating yourself and your staff on the dangers posed by these vulnerabilities is an important security practice, so understanding what zero-day vulnerabilities are is a crucial step in securing your PCs.

To help you get started, we’ve put together a quick guide to provide you with a zero day introduction.

What Happens on Zero-Day?

The definition of a zero-day vulnerability is very simple; it’s any exploit or security bug that is present in software or hardware that isn’t patched as the software vendor isn’t aware of its existence. To be considered a true zero-day vulnerability it must also be known to hackers. And this is where it becomes a huge security concern.

With hackers aware of such an exploit (known as a zero-day exploit), they’re essentially granted free rein to continually exploit this vulnerability in the face of little opposition. Therefore, malware can be installed, data can be stolen and whole networks taken down without software vendors and customers being aware of how it’s happening.

Once the zero-day vulnerability has been confirmed and the software vendor made aware, Day Zero is established. Naturally, any period before Day Zero is highly problematic, but even the commencement of Day Zero provides little comfort. And this is because developing fixes and patches isn’t an instant process. Instead, time and effort needs to be invested in creating these patches and ensuring that customers install them as soon as possible.

What are Some Examples of Zero-Day Vulnerabilities?

Now that you understand a little more about the makeup of zero-day vulnerabilities, it’s time to consolidate that knowledge with some real life examples:

  • Microsoft Windows Vulnerability: Even the seasoned professionals at Microsoft are capable of falling foul to zero-day vulnerabilities with one recently being discovered in the system file Win32k.sys. The exploit can be launched by a specific malware installer and, without the relevant patch, can be considered very dangerous.
  • Adobe Flash Malware: Adobe have suffered numerous zero-day attacks and, in 2016, their users experienced a zero-day vulnerability packaged within an Office document. Activating this vulnerability allowed hackers to download malware to the affected PCs and begin exploiting data until Adobe hastily issued a patch.
  • Internet Explorer Loses Control: Microsoft was, again, victim of a zero-day vulnerability in December 2018 when their Internet Explorer app experienced a severe security risk. It’s believed that the vulnerability is exploited by directing victims to an infected website where the hackers can then assume control of the PC from a remote location.

Final Thoughts

Zero-day vulnerabilities are troubling security flaws as their very definition means that there is no immediate protection available. Accordingly, it’s important that your organization takes the following steps:

  • Always install all updates to ensure zero-day vulnerabilities are treated as soon as possible
  • Backup all data and store it correctly in the case of a zero-day vulnerability disrupting your network and productivity
  • Educate your staff on the dangers of zero-day vulnerabilities and ensure they’re aware of the telltale signs of infection

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Adobe Flash Remains a Security Liability

Adobe Flash, Security, Security Threats, Updates, , ,
15
Jan 2019

Adobe’s Flash Player has had a bad press in recent years due to the numerous security flaws in its design and these problems remain a major issue.

While we frequently worry about the dangers of malware and ransomware, we seem to have forgotten about the security vulnerabilities that are present in software we use every day. Flash has been exposed as having major security flaws in the last few years, so there’s been a tendency to migrate towards HTML5 code which is similar to Flash and much more secure. However, many people still use Flash online, so it’s likely that your organization will come into contact with it on a regular basis.

Understanding how to combat vulnerabilities in Flash is essential for your organization’s security, so let’s try and get a better understanding of Flash’s latest security crisis.

Flash Hits the Headlines Again

On the same day that Adobe released their latest patch for Flash, an independent security expert revealed that they had identified a glaring vulnerability in the software. This security flaw – given the unwieldy name of CVE-2018-15981 – is a curious software bug that has the potential to execute a malicious code through an instance of Flash hosted on a malicious website. Versions of Flash affected are all those up to version 31.0.0.148 and could affect the following browsers: Firefox, Chrome, Edge and Internet Explorer.

Combating Flash Vulnerabilities

The most recent version of Flash (31.0.0.153) is more than safe to use in terms of this recently discovered vulnerability, but the question remains as to whether more vulnerabilities are lurking within it. So, how do you combat the security flaws presented by Flash?

Many browsers, such as Chrome, Firefox and Edge, now insist that users have to manually activate Flash each and every time it’s encountered, but confidence tricks can easily be employed by hackers to disguise this. Flash, of course, is being discontinued at the end of 2020, so many people are simply disabling the software. With only a small minority of websites still using Flash, the loss of productivity from disabling it are considered minimal due to the alternative solutions on offer such as HTML5.

However, many organizations rely on Flash-based websites to complete essential tasks such as online customer portals etc. In these cases, the importance of monitoring crucial software updates and acting on these immediately should be a priority for all IT teams. Many businesses have been caught out on countless occasions due to a lack of care when it comes to installing patches and software updates. While this latest vulnerability does not appear to have been exploited by hackers, it could have easily led to severe data breaches and a drop in productivity for any organization affected.

Final Thoughts

Flash has been present within the landscape of the internet for over 20 years, but it almost feels as though Adobe have barely concentrated on it for the last few years. As a result, Flash has received nothing but negative feedback due to the security flaws present. Naturally, with just two years left in its lifespan, these issues will soon become irrelevant, but for now it’s vital that you regularly install updates or, where possible, disable it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

5 Things to Consider When Upgrading Your Servers

PC Server, Tower, Updates, upgrade hardware, Windows Server, ,
04
Sep 2018

Your server is the backbone of your organization’s IT functionality, but what do you need to consider when it’s time to upgrade?

Purchasing and installing a new server is a massive move for any organization. Install the best server for your needs and your productivity should skyrocket. Choose one that doesn’t quite fit with your business and it will seriously harm the way you’re able to operate. Therefore, choosing the correct server is important if you value your organization’s future.

Moving forward, though, isn’t always straightforward due to the complexity of such an upgrade. To help simplify matters, we’re going to share five things to consider when upgrading your servers.

  1. The Right Performance

First and foremost, you have to make sure that any potential new server is able to meet the needs of your organization’s IT needs. The main reason that an organization looks to upgrade is because the current technology isn’t able to fulfill their existing needs. Consulting with various department heads and IT professionals is essential to gauge the necessary requirements, so start by compiling this information and work from there.

  1. Is Integration Possible?

You’ve more than likely got an existing server in place, but upgrading doesn’t mean that you need to chuck your old one out with the trash. In fact, it’s possible that you’ll be able to integrate vast sections of your existing server into your new server. Not only does this potentially save you costs on new technology, but it also provides a level of consistency in terms of staff knowledge on the existing technology.

  1. Costs?

Performance, of course, is paramount, but price is equally important as all organizations work to a strict budget. Once you understand your performance needs, the next step is to evaluate which available servers meet this most closely. Technology, after all, can be costly, so you shouldn’t be paying for any technology that won’t be of use to your organization’s output.

  1. Factor in Maintenance

A brand new server is fantastic, but even the most up to date technology needs to be maintained. Any length of downtime is disastrous for any organization which understands the basics of productivity, so the shrewdest move with servers is to ensure that some form of maintenance cover is put in place. Often, there will be a warranty included with new technology, but this will always have an expiry date, so make sure you start asking about extended warranty options from an early stage.

  1. Future Upgrades?

It may seem counter-intuitive to consider future scalability as you upgrade, but looking to the future is vital when it comes to working with IT technology. The rapid pace at which technology expands means that you may need to consider growing your server a lot sooner than you expected. Discussing expansion options is crucial to safeguard against being lumbered with huge costs in the future when your existing technology is unable to expand further to keep pace.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

5 Best IT Practices for Small Businesses

Backup, IT Best Practices, Power Protections, Security, Technical Support, Updates, , , , , ,
09
Jul 2018

It’s important for small businesses to make the most of their IT capabilities, so understanding what the best IT practices are is paramount.

If you can implement the right IT practices in your organization then you’re clearly a smart thinker as it can only lead to increased productivity. However, for a small business this isn’t always the easiest strategy to formulate. The cost of investment can often restrict your use of brand new technology, so you need to be a little bit smarter. And the good news is that costs can be kept to a minimum.

To help you get started on getting the best out of your IT, I’ve put together a list of five best IT practices for small businesses.

  1. Backing up the Right Data

Backing up data can be an expensive process. Not only is physical storage costly, but cloud storage can soon start totting the dollars up. However, this is all dependent on the amount of data you want to back up. Therefore, if you can reduce the amount of storage you need to backup, you can reduce your storage costs. The best way to achieve this objective is by thoroughly researching how your data is used and determining exactly what you need to backup.

  1. Staff Security Knowledge

Cyber security should be a major concern for all businesses, but for a small business it’s crucial. With a wide range of new cyber-attacks such as ransomware and phishing emerging every day, the risk of your business operations being disrupted is high. Whilst firewalls and carefully secured, partitioned servers can make a huge difference, it’s even more useful for your employees to understand good security practices. All it takes is one malicious email to be clicked on to bring your organization to a halt, so ensure that regular refresher courses on security threats are conducted for your employees.

  1. Install all Updates

Keeping on the security theme, it’s essential that all updates for your software and hardware are installed as soon as possible. Once your IT equipment becomes even slightly out of date then it’s at risk of becoming vulnerable to hackers. However, if all the latest updates and firmware upgrades are installed, then you’re improving the defenses of your data no end.

  1. Good Power Protection

Your PC technology is important, so you need to ensure that it’s protected from the damaging effects of power outages and surges. Not only can these events reduce the lifespan of your technology, but they’re also capable of wiping data if they happen in the middle of a backup. To counter this risk, it’s vital that backup hardware comes with adequate battery support to keep backups running. Likewise, ensuring that your servers have reserve power supplies which are uninterruptible can help keep your data accessible and safe at all times.

  1. Provide Good Technical Support

Your business needs professional IT support, there simply isn’t any other option if you’re working with PCs. And when I say professional, I mean professionally trained and not a hobbyist who likes to tinker with their PC every now and then. Knowledge, after all, equals authority and when you’re working with complicated technology, you need as much authority as possible. Maybe this will be outsourced or maybe you’ll build an in-house team, either way it should be a priority for your organization.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 5 6 7