Cyber Security Hub explores some of the most impactful cyber attacks in the APAC region
Posts tagged "threats"
Most Email Security Approaches Fail to Block Common Threats
A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs.
New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense
Need a blueprint for architecting a formidable cyber-defense? Kerry Mandiant, senior director at Mandiant, shares hers in this detailed breakdown.
Microsoft has uncovered loads of Windows 11 security threats – here’s what you need to do
Microsoft has revealed that it has discovered several serious security vulnerabilities in Windows 11, as well as other versions including Windows 10.
The revelations came as part of January 2022’s ‘Patch Tuesday’ – the day of the month that Microsoft releases a swathe of patches to fix issues in its software.
Many of the vulnerabilities, which affect not just new versions of Windows but also older versions such as Windows 8, Windows 7 and Windows Server 2019, were fixed with patches, but six of them were highlighted as zero day threats.
While many security vulnerabilities are thankfully found and fixed before malicious users find and exploit them, zero day threats are vulnerabilities that are already out in the wild, which means they are particularly worrying.
In total, Microsoft announced the existence of 97 new vulnerabilities – which is certainly a troubling number. As a report in Forbes explains, Microsoft has limited the information about the zero day vulnerabilities to ensure it has time to address them before they are exploited. Microsoft believes that so far, there have not been any attacks using the vulnerabilities. Obviously, though, time is of the essence.
The zero day vulnerabilities are:
- Critical – CVE-2021-22947 – Open Source Curl Remote Code Execution Vulnerability
- Important – CVE-2021-36976 – Libarchive Remote Code Execution Vulnerability
- Important – CVE-2022-21919 – Windows User Profile Service Elevation of Privilege Vulnerability
- Important – CVE-2022-21836 – Windows Certificate Spoofing Vulnerability
- Important – CVE-2022-21874 – Windows Security Center API Remote Code Execution Vulnerability
- Important – CVE-2022-21839 – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability (limited to Windows 10 and Windows Server 2019)
Of the 97 vulnerabilities, eight are labeled as ‘critical’, with 88 labeled as ‘important’. This means they are particularly dangerous, so users should make sure they are protected against them as soon as possible.
What should you do?
Microsoft’s warning is certainly troubling, but there’s no need to panic, as long as you take some precautionary steps. While the zero day threats are in the wild, they’ve not been used and Microsoft is actively working on fixes.
Meanwhile, it has also created patches for many of the other vulnerabilities. So, the best thing you can do right now is ensure that Windows 11 (or whichever version you have installed) is updated with the latest security patches.
They should download automatically, and if that’s the case you may see a prompt in the taskbar to restart your PC. You may also notice when you go to turn off your PC that there are options to ‘Update and restart’ and ‘Update and shut down’ – make sure you pick one of those.
You should also check to make sure there are no updates waiting for you. To do this, open up Settings and go to Windows Update > Check for Updates. If any are found, download and install them.
If you have any anti-virus or anti-malware software installed, make sure it is updated as well.
Hopefully Microsoft will continue to investigate and fix these vulnerabilities ASAP.
Global Cyberattacks from Nation-State Actors Posing Greater Threats
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain.
Mitigate Threats with Data Risk Assessments
Before an organization can re-engineer its approach to data privacy, it must first understand its current state. Similar to cybersecurity risk assessments, a data risk assessment (DRA) is a systemized…
Microsoft Defender wants to help your business stomp out internal security threats
Microsoft’s new step-by-step guide will help organizations monitor user identities and take action against malicious activity.
Insider Versus Outsider: Navigating Top Data Loss Threats
Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.
Unlock Hidden Threats with UBA and UEBA
Both UEBA and UBA tools automate security threat detection and validation processes, enabling cybersecurity analysts to focus on more high value pursuits. They can also be used to proactively identify…
Building Multilayered Security for Modern Threats
Justin Jett, director of audit and compliance for Plixer, discusses the elements of a successful advanced security posture.