Do you have your door open for malware attacks?

The number of exploit attacks against known vulnerabilities continues to increase. The target is to install malware into the targeted system and to gain benefits for the criminals behind the attack.

According to F-Secure Threat Report H1/2013, the majority of Top 10 detections from the last six months involved exploits. Java is the most popular entry point and therefore, disallowing Java plug-ins might make sense.  Java vulnerabilities have allowed attackers to use even classic forms of attack, known for about ten years already.

Image

The table clearly shows that the users do not seem to understand the importance of security patches since exploits can target vulnerabilities that have had a patch for over 5 years!

On the other hand, exploit kits find their way to the market unbelievably fast – the F-Secure Threat report tells: “Java vulnerability CVE-2013-2423; a Metasploit module targeting this was first published on April 20th, and a day later we noticed in-the-wild attacks against it had already gotten underway by the CrimeBoss exploit kit”.

Why is it so hard to keep pace with the critical security updates then?

First, the number of patches releases is huge. For example, Microsoft alone recently published 13 patches against 47 bugs in its Patch Tuesday security update. Add to that the Java updates, Adobe updates, and all the rest of the products, and the number of necessary updates in a business environment can be devastating. Second – would the IT administrator always know which software is installed on which machine?

F-Secure Software Updater, an automated patch management tool integrated in the security clients, can help manage the huge task of keeping on top of the critical security updates. It follows the philosophy: find it, fix it, and forget it.

Cheers, Eija

More posts from this topic

Unbenannt-4
Aug 28, 2014
BY 
password_joke1

How much are your passwords costing you?

You come back after a nice vacation, rested, tanned and ready to catch up on a few weeks of email.  The only problem? You've forgotten your password. This may seem like a trivial problem, until you realize that it's not just you -- it's the guy at the next desk and the next desk and the next desk. And it isn't just one account. A new report finds that lost or forgotten passwords cost the city of Espoo, a city of about 249,000 in Finland, about 18€ per worker for a total cost of 200, 000€ -- every year. And that doesn't include the cost of the workers' lost time. The fact is people have better things to think about than strings of often nonsensical numbers and letters that include a special character. The need for strong, unique passwords for all of our important accounts is overwhelming, with most people needing to remember at least 20 different passwords. Users have been forced to chose between using memorable terrible passwords or forgettable good passwords. At F-Secure, we believe technology should free your mind to deal with important work, not passwords. That's why we created Key, our password manager that offers you one password to rule them all. It stores all your passwords, log-ins, e-mails, PIN codes and other credentials securely. You don't need to think of crazy unguessable passwords because it generates them for you and fill them in as you use the web. And our encryption protects all your data. It's free to use on one device and as cheap as $1.84 a month if you want a premium account that covers all your devices. Give it a try, before you forget. Cheers, Sandra Image courtesy of Lulu Hoeller, flickr.com

Jul 23, 2014
Screen Shot 2014-06-03 at 8.10.58 PM
Jun 4, 2014