The Adobe Patch Day in August must have caused quite a stir in IT departments: 80 vulnerabilities were detected in Adobe flashplayer, Adobe acrobat and reader, as well as in the experience manager, 46 of which were deemed critical. This very clearly shows that the sporadic closure of vulnerabilities does not meet the standards of current strict data protection laws.
Not being able to trace whether the update was installed on all network devices poses yet another risk. The only guaranteed way to know is to continuously run automated and complete scans throughout your network with vulnerability management software. Daily updates contain vulnerability tests to find running threats and security gaps. Take a look at the current situation here.
Beware of legacy technology
Many believe Flash is dead. That is true and false at the same time. Contrary to all predictions, Flash and other technologies are still being used. And that is why it is important to know where in your own network they can cause harm and create a risk. An automated scan helps you find out and ultimately gives you more security.
Large-scale cyber attacts like WannaCry can bring on a real panic. The Greenbone Community Edition is just what you need to ease the situation: The tool is free of charge, checks the network and detects weaknesses – before malware exploits them.
The worldwide ransomware attacks have affected tens of thousands of computers in almost 100 countries: The attackers block data access with the help of the trojan WannaCry. Then demand a ransom for decoding the now encrypted data. Networks with a vulnerability in the network protocol Server Message Block Version 1 (SMBv1) are the prime target of these cyber criminals. This was known for quite some time. Which is why our Greenbone security research team already issued a network vulnerability test at the beginning of February, pointing out this weakness for customers and users. This early warning raised user awareness for the problem and prevented worse from happening.
The feedback came mainly from the users of our free Greenbone Community Edition. It can do a lot more than just look for WannaCry in the network. The free platform detects other Microsoft vulnerabilities, too. At the same time, users can check the complete IT infrastructure including other software packages, routers, switches, access points, printers and further equipment for vulnerabilities. There is no time limit on the use of the Community Edition. For professional-grade support, users can always switch to the Greenbone Security Manager. Please look here for a detailed comparison.
By the way, the crypto mining malware Adylkuzz, which has been around since April, exploits the same weak point. So a quick check is definitely worth your time. A free download is available here.
Windows 10 is transferring more data to Microsoft than those responsible for data privacy in businesses and public administration should be willing to allow. Read more about this in an article by our CTO Lukas Grunwald in today’s new iX and online at heise.de/newsticker.
Our customers can check their infrastructure for talkative Windows10 installations using the new scan configuration. With that, they can verifiy unwanted telemetry settings and do a compliance check on blithering Windows10 Home and Pro versions or unsafe Windows10 Enterprise versions.