Tag Archive for: Security Update

,

Adobe Acrobat and Reader have some serious security flaws, so patch now

Adobe has issued a urgent warning to users of its Acrobat and Acrobat Reader PDF editors following the discovery of a zero-day vulnerability of critical severity.

The software company has released a security update for Windows and macOS users, urging them to apply the patch as soon as possible in order to reduce the risk of an attack.

In a statement, the firm said: “Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader.”

Adobe Acrobat and Reader patch

Details about the vulnerability remain scarce given the fresh nature of the discovery, however the software maker did confirm that: “Successful exploitation could lead to arbitrary code execution.”

Acrobat DC and Acrobat Reader DC versions 23.003.20284 and earlier have been confirmed to be affected, as have 2020 versions of both software running build 20.005.30516 and earlier for macOS and 20.005.30514 and earlier for Windows.

Adobe’s latest software updates for its PDF programs, which became available on September 12, address a series of security issues. They also introduce some feature changes and enhancements, including the ability to reposition quick tools, new undo and redo options in the top menu bar, drag-and-drop support for combining files, and more.

The San Jose-based company also issued further updates across its range of products, including Adobe Connect and Adobe Experience Manager software, which allowed attackers to gain arbitrary code execution on unpatched devices.

The discovery of vulnerabilities in Adobe’s software is not ideal, but nor is it alarming. Companies release security fixes for their software on a regular basis in order to iron out vulnerabilities and protect users, and the fact that the company responded with speed is admirable.

Adobe or not, anybody using any digital service should keep an eye on software and firmware updates that become available, installing them as soon as possible.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

/by
,

Steps to defend your business from watering hole attacks

Watering hole attacks are on the rise, but many businesses are still unprepared against it. To avoid falling victim to a watering hole attack, it is crucial to know what it is, understand the risks, and take steps to defend your business.

How watering hole attacks work

The term “watering hole” colloquially refers to a social gathering place where a particular group of people often go to. As internet users, we all have unique “watering holes” or websites that we frequently visit. For example, a financial analyst is likely to visit websites related to financial investments and market trends.

In a watering hole attack, cybercriminals observe the watering holes of a specific demographic and infect their targets’ most visited websites with malware. A user who has the misfortune of visiting any of these compromised sites will then have their device automatically loaded with malware.

The malware used in these attacks usually collects the victim’s personal information and sends it back to the hacker’s server. In extreme cases, the hacker will also actively take control of the infected device.

But how does a cybercriminal choose which websites to hack?

With internet tracking tools, hackers find out which websites companies and individual users visit the most. Hackers then attempt to find vulnerabilities in those websites and embed them with malicious software.

Tips to defend against this threat

Hackers these days are so highly skilled that they can exploit any website using a watering hole attack. Even specific ethnic communities and demographics have become targets of this scheme.

Protect yourself and your business from watering hole attacks by doing the following:

Update your software
Watering hole attacks often exploit security gaps and vulnerabilities to infiltrate computers and networks. You can significantly reduce the risk of an attack by regularly updating all of your software and browsers. Make it a habit to check the software developer’s website for any security patches. Better yet, hire a managed IT services provider to keep your system up to date.

Closely monitor your network
Regularly conduct security checks using network security tools like intrusion prevention systems that detect and contain suspicious or malicious network activities before they cause problems. Consider using bandwidth management software to enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large data transfers or a high number of downloads.

Hide your online activities
Use a VPN and your browser’s private browsing feature to hide you and your team’s online activities. You can also block social media sites from your office network, as these are often used as share points of links to infected sites.

Watering hole attacks can be devastating to businesses of all sizes. By staying informed and taking steps to protect your business, you can minimize the risk of becoming a victim. Contact us today to learn more ways to keep your business safe from watering hole attacks and other cyberthreats.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

/by