October 16, 2014
ESET presented its Quarterly Threat Summary for July, August and September, a quarter marked by vulnerabilities: flaws and bugs in systems, and also in the behavior of users, who continue to be affected by incidents such as credential theft.
Vulnerabilities are present not only in web systems but also in the security gaps users leave through their own behavior online. The Research Laboratory reviewed the events of the last quarter that illustrate this:
- Vulnerabilities in communication systems and protocols. A vulnerability is a weakness found in an asset or in a control that can be exploited by one or more threats, resulting in a security risk. The most prominent were: Shellshock, a serious vulnerability in Bash, the most widely used command interpreter in GNU/Linux and many other Unix-based systems such as Android and Mac OS X. It allowed remote code execution in order to take control of web servers, routers, smartphones and computers. Second is BadUSB, an imperceptible way to bypass the protections installed to prevent infections on USB devices such as pen drives, although it could also apply to keyboards, mice, webcams or external hard drives. Finally, there is a WordPress flaw that allows an attacker to upload any malicious file to vulnerable servers, which can then be used for malware injection, defacement and spamming.
- Human vulnerabilities. These are vulnerabilities in user behavior. Weak security measures and insufficient controls lead to incidents that compromise users' privacy, the confidentiality of their sensitive data, and even their identity. The most prominent case was the leak of intimate photos of Jennifer Lawrence and many other celebrities. It began with a supposed “hacker” who claimed to have hundreds of photos of famous people in his possession and said he would publish them over the following days. There were many victims, and the episode led to the conclusion that security begins with the user. While systems, applications and browsers must guarantee the security of communications, provide the corresponding updates to prevent the exploitation of possible vulnerabilities, and protect their users comprehensively, a large part of this protection falls on the users themselves.
“This is why it is necessary to apply good security practices such as strong and robust passwords, the encryption of personal information, the implementation of double authentication and, of course, common sense. Everything that is uploaded to the Internet stays there,” said Pablo Ramos, security specialist at ESET Latin America.