The Biggest Vulnerabilities that Hackers
are Feasting on Right Now

The Top Vulnerabilities That Hackers Are Exploiting Right Now

The Biggest Vulnerabilities that Hackers
are Feasting on Right Now
Facebook
Twitter
LinkedIn

Software vulnerabilities are an unavoidable part of working with technology. A software release with millions of lines of code is created by a developer. Then, hackers look for flaws in the code that will allow them to breach a system.

Software flaws are an unavoidable part of working with technology. A software release with millions of lines of code is created by a developer. Then, hackers look for flaws in the code that will allow them to breach a system.

To address the vulnerability, the developer releases a patch. But it won’t be long before a new feature update causes even more havoc. Keeping your systems secure is a game of “whack-a-mole.”

One of the top priorities of IT management firms is keeping up with new vulnerabilities. It is critical to understand which software and operating systems are being targeted.

Company networks are vulnerable if patch and update management is not ongoing. And these attacks are entirely preventable. In the first quarter of 2022, 82% of cyberattacks in the United States were the result of exploiting patchable vulnerabilities. This is a global issue.

What new flaws are lurking in Microsoft, Google, Adobe, and other companies’ products? We’ll go through a few. These were recently highlighted in a Cybersecurity and Infrastructure Security Agency warning (CISA).

Make Sure to Patch Any of These Vulnerabilities in Your Systems

microsoft gaba3bbccd 1920
Microsoft Security Vulnerabilities

Microsoft Vulnerabilities

Microsoft vulnerabilities include those in three of its products. Internet Explorer (IE) is one of them. Microsoft discontinued IE in June of 2022. You should remove this from any computers that still have it installed.

You’ll see the acronym “CVE” used in the vulnerability names. This is an industry-standard naming structure. It stands for Common Vulnerabilities and Exposures.

Here is a rundown of these vulnerabilities and what a hacker can do:

  • CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of code. This is a “critical” vulnerability because of the damage it enables. Hackers can release this via a website. Thus, formerly safe sites can become phishing sites when hackers exploit this loophole.
  • CVE-2013-1331: This is a flaw in the code for Microsoft Office 2003 and Office 2011 for Mac. It enables hackers to launch remote attacks. It exploits a vulnerability in Microsoft’s buffer overflow function. This allows hackers to execute dangerous code remotely.
  • CVE-2012-0151: This issue impacts the Authenticode Signature Verification function of Windows. It allows user-assisted attackers to execute remote code on a system. “User-assisted” means that they need the user to assist in the attack. Such as by opening a malicious file attachment in a phishing email.
google g6a73ed576 1280
Google Chrome Vulnerabilities

Google Vulnerabilities

Google Chrome and applications built using Google’s Chromium V8 Engine are also on the list. These applications are targets of the following vulnerabilities.

  • CVE-2016-1646 & CVE-2016-518: These both allow attackers to conduct denial of service attacks. They do this against websites through remote control. This means they can flood a site with so much traffic that it crashes.
  • Those aren’t the only two code flaws that allow hackers to crash sites this way. Two others, CVE-2018-17463 and CVE-2017-5070 both do the same thing. And like all these others, have patches already issued that users can install to fix these holes.
Adobe Flash Player KB4287903
Adobe Flash Player Vulnerabilities

Adobe Vulnerabilities

People use Adobe Acrobat Reader widely to share documents. It makes it easy to share them across different platforms and operating systems. But it’s also a tool that’s on this list of popular vulnerabilities.

  • CVE-2009-4324: This is a flaw in Acrobat Reader that allows hackers to execute remote code via a PDF file. This is why you can’t trust that a PDF attachment is going to be safer than other file types. Remember this when receiving unfamiliar emails.
  • CVE-2010-1297: This memory corruption vulnerability. It allows remote execution and denial of service attacks through Adobe Flash Player. Like IE, the developer retired Flash Player. It no longer receives support or security updates. You should uninstall this from all PCs and websites.
netgear g2c552d060 1280
Netgear wireless router Vulnerabilities

Netgear Vulnerability

Netgear is a popular brand of wireless router. The company also sells other internet-connected devices. These are also vulnerable, due to the following flaws.

  • CVE-2017-6862: This flaw allows a hacker to execute code remotely. It also enables bypassing any needed password authentication. It’s present in many different Netgear products.
Apa itu Router Cisco
Cisco RV series routers vulnerability

Cisco Vulnerability

  • CVE-2019-15271: This is a vulnerability in the buffer overflow process of Cisco RV series routers. It gives a hacker “root” privileges. This means they can basically do anything with your device and execute any code they like.

Patch & Update Regularly!

These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added here.

How do you keep your network safe from these and other vulnerabilities?

You should patch and update regularly!

The team at Syntech IT can manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.

Automate Your Cybersecurity Today

Patch and update management is just one way that we can automate your cybersecurity. Learn how else we can help by scheduling a consultation today.

Continue reading

Purchasing a New Computer (7 Considerations to Make)

Have you ever purchased a new computer only to experience buyer’s remorse a few months later? Perhaps you’ve overlooked the storage capacity and ran out of space. Or you may have ignored memory and experienced frequent lagging and freeze-ups.

Read More »
9 Online Shopping Security Tips for Safer Shopping
Security
Robert Giles

9 Online Shopping Security Tips for Safer Shopping

The holiday shopping season is in full swing. This means that scammers’ engines have also been revved up.

They’re prepared to capitalise on all of those online transactions.

Remember to use caution when shopping online during the holiday season.

A pound of cure is definitely worth an ounce of cybersecurity prevention.

It can also save you from a financial or personal disaster.

Read More »
Optus Cyber Attack - How to prevent an Optus-like data breach
Security
Robert Giles

Preventing An Optus-like Data Breach

In light of the recent Optus data breach we thought we’d take a moment to advise those who are not familiar with what has happened, how it relates to your business and what you can do moving forward.

Read More »

Syntech IT

Need help making sense of your IT?

Here at Syntech IT we try to simplify IT for our clients – but never make it simplistic. Whatever questions or thoughts you have, we'd love to hear it.

Contact Syntech IT
Scroll to Top
Request a Callback Icon

Request a Callback

Simply enter your name and phone number, and one of our team members will contact you shortly to answer any questions you may have.

This is a free service, and your phone number will not be used for marketing.

Mobile numbers are preferred. If entering a landline, please include the area code.
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Please note we'll usually call you back during our business hours from Monday to Friday, 8:30am - 5:30pm (AEST)

Send Quick Message

Your Name
Hidden
Hidden
This field is for validation purposes and should be left unchanged.