Page 3 - AccumeView June
P. 3

Perspective:




           State of the



           Marketplace





           The bar has been raised when it comes to standards around patching
           critical vulnerabilities.  Homeland Security’s cybersecurity and
           Infrastructure Security Agency has instructed departments to fix critical
           vulnerabilities within 15 days after initial detection. Previous guidelines
           were 30 days to patch Critical and High vulnerabilities.        Expect
           regulators and vendor best practices to shift in this direction, so be
           prepared.

           Attackers have shifted their phishing skillset over to Facebook and
           Instagram in an attempt to find softer targets. This quarter saw a 75%
           increase in phishing attacks, and a large increase in attacks against
           Instagram users, specifically with phishing emails claiming to offer a
           verified Instagram badge to trick recipients into providing their
           credentials. Hackers are now intimate with corporate and consumer
           email and messaging – make sure that your employees are properly
           educated.

           A major Microsoft vulnerability involving the RDP service was
           announced this month. They released patches for most of their systems
           just recently, but they are taking the unusual step of providing patches
           for Windows XP and Server 2003, which are no longer supported. The
           vulnerability requires no user interaction, so if exploited, it can spread
           laterally across a network, similar to the WannaCry malware attack in
           2017.   Microsoft recommends immediate patching of all systems,
           although Windows 8 and 10 are not affected by the vulnerability.


           Credential stuffing attacks are on the rise, and they are becoming more
           successful due to their increased use of automation. The increased
           automation also came with a decreased cost for the attackers,
           increasing their profitability. A higher level of automation also means
           more victims. Ensure that your customers and employees are not one
           of them.

           Intel   recently    announced       four    vulnerabilities   involving
           "Microarchitectural Data Sampling," or MDS for short. The vulnerability
           could let hackers read nearly all data flowing through one of Intel's
           chips. The follow-up news is not good – analysts have determined that
           the fixes to the design flaws could slow chip speeds up to 20%. AMD,
           Intel’s main competitor, has pounced on this, announcing that their
           chipsets are not vulnerable to MDS exploitations.
                                                                     ~Stay Secure


                                                    www.accumepartners.com
   1   2   3   4   5   6   7   8