Adobe's Security Updates
Adobe has recently released security updates for Acrobat and Reader that fix two critical vulnerabilities. The first, identified as CVE-2018-16011, can lead to arbitrary code execution. The second, identified as CVE-2018-19725, can result in privilege escalation.
As these vulnerabilities are now public, it is highly recommended that both Mac and Windows users install these updates.
Vulnerabilities in Fax Protocol
The ATO claims to have received more than 115,000 faxed documents in 2017-18. According to ‘The Age’ and ‘The Sydney Morning Herald’, many small Australian companies in the healthcare, finance and legal sectors still use fax on a daily basis. The underlying fax protocols have not been updated since the 1980s, so such extensive use of fax-capable printers in Australia poses a serious problem.
At the recent DEF CON 26 hacker conference in Las Vegas, two security researchers from Check Point demonstrated one such exploit, ‘Faxploit’. They showed that an attacker needs only a fax number to exploit these vulnerabilities: a specially crafted colour JPEG can carry malicious code which, when received by the fax printer, is decoded and loaded into the printer’s memory. The malware can then take over the device and ultimately reach the network the fax printer is connected to.
One way to contain Faxploit is network segmentation. Companies can limit the data an attacker can reach by breaking large networks into smaller ones, or by isolating fax machines in their own subnetworks.
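The following nftables ruleset is an added illustration of that isolation, not part of the original newsletter or of Check Point's research. It assumes a router with three VLAN interfaces (vlan10 for office workstations, vlan20 for the fax-capable multifunction printer at 10.20.0.10, vlan30 for servers); those interface names and addresses are placeholders chosen for the example.

```nftables
# Added example: isolate the fax/MFP VLAN so a compromised printer
# cannot initiate connections into the rest of the network.
table inet fax_segmentation {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were already permitted
        ct state established,related accept

        # Office workstations may send print jobs to the MFP only
        # (raw printing on 9100, IPP on 631); nothing else reaches it
        iifname "vlan10" oifname "vlan20" ip daddr 10.20.0.10 \
            tcp dport { 9100, 631 } ct state new accept

        # The printer VLAN may never open connections toward workstations
        # or servers; the counter makes attempts visible for monitoring
        iifname "vlan20" oifname { "vlan10", "vlan30" } counter drop
    }
}
```

With this in place a payload delivered over the phone line can still run on the printer, but the lateral movement the Faxploit demonstration relied on is blocked at the router, and the drop counter gives a simple signal that something on the printer VLAN is trying to reach out.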
Is there a simpler way of putting a dollar value on risks?
Privasec's Cyber Security Advisor for APAC, Shamane Tan, wrote an article about the Open Group FAIR framework, which provides a structured and community-vetted approach to calculating the return on investment (ROI) of cybersecurity controls. Read the full article here.
Preparing for a Distributed Denial of Service (DDoS)
A Distributed Denial-of-Service (DDoS) attack is an attempt to disrupt the normal functioning of a network, server or website by flooding it with internet traffic. Once a DDoS attack is under way, there is practically no time to react.
It is therefore crucial to have a plan in place before a DDoS attack strikes. The plan should document the network topology so that crucial assets can be managed during the attack, and should specify which stakeholders are to be alerted. Other preparations include provisioning sufficient bandwidth, building infrastructure and DNS server redundancy, and deploying a web application firewall (WAF) to protect servers.
Consumer Security Behaviors
Apart from having financial implications, a security breach leads to a loss of consumer trust. An illustration of this is in the hospitality industry, where breaches can have a negative impact on consumer perception, satisfaction and intent to revisit (Berezina et al., 2012).
In their study ‘Consumer security behaviours and trust following a data breach’, Shelby R. Curtis, Jessica Rose Carre and Daniel Nelson Jones concluded that, following a data breach, consumers perceived companies as less trustworthy but did not change their ‘behavioural intentions to be personally more secure’. This suggests that companies should not rely on improved user security practices when assessing their security posture after a breach.
Our team of experienced security consultants can assess your current security posture with a Cyber Resilience Health Check. Give us a call at 1800 996 001, and discover how we can help.