Ei, tu,
Essere a conoscenza!

35,000 infezioni ransomware al mese e ancora crede che si sono protetti?

Iscriviti per ricevere:

  • avvisi
  • notizia
  • libera come da rimuovere guide

delle più recenti minacce online - direttamente alla tua casella di posta:


dispositivo di sicurezza, Vulnerabilità, e Windows

update-sistema-salute-stforum

Sicurezza personale di solito inizia con il dispositivo. I dispositivi più non protetti sono là fuori, il meglio è il meccanismo alla base di violazioni di dati e infezioni di malware. Così, se si vuole essere sano e salvo, iniziare con il dispositivo.

Device Security and Operating Systems

Microsoft’s operating system has quite the user market share. Maybe that’s one of the reasons Windows gets in the way of cyberattacks that often. Or maybe the intensity of successful attacks on Windows is due to running an outdated version of the OS?

To answer these or other questions or just for the sake of the analysis, Duo Security examined more than two million devices, more than half of which were running on some version of Windows.

duo-102016-1

Researchers then discovered that 65 percent of the Windows devices were running on Windows 7, which is susceptible to more than 600 security vulnerabilities.

This is not the worst part. Tens of thousands of machines are still using Windows XP. Windows XP was released in 2001. This fact alone means multiple attack scenarios literally made available by hundreds of vulnerabilities. Many of those flaws are of critical character.

There are many reasons why a company would prefer an older OS over a newly released one

The most obvious reason is the cost and time needed to update each computer and software in an organization. In alcuni casi, the software the company is running may not correspond to later operating systems and environments, come ha spiegato by Ajay Arora, CEO of Vera.

Correlata: Industries Will Be Spending $101.6 Billion in 2020 for Security Solutions

The expert also believes that if companies continue to choose Windows 7 over later Windows versions, they need to consider security software that covers the lacking features like default disk encryption. "It comes down to, spending the money to address the underlying issue of using an operating system with weaker security, spending money to update the operating systems, or spending the money to secure the thing you are trying to protect in the first place; the data itself,” Arora says.

The biggest problem nonetheless is the continuous disclosure of new vulnerabilities. Proprio di recente, Google’s Threat Analysis Group disclosed a set of zero-day flaws in Adobe Flash and Microsoft Windows kernel. This set of flaws has already been exploited in the wild against the Chrome browser.

Adobe were able to quickly update Flash against the CVE-2016-7855

Sfortunatamente, the Windows kernel bug is still unpatched. In a post from October 31st, Neel Mehta and Billy Leonard from the Threat Analysis Group say that:

Dopo 7 giorni, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited.

The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.

What Are Some Good Security Tips?

Duo security researchers advise the following, and we agree:

  • Use modern browser platforms that are more secure or go for browsers that are updated more frequently and automatically;
  • Never underestimate the power of security updates and emergency patches;
  • Consider using device encryption, passwords and fingerprint ID;
  • Consider using a two-factor authentication solution to protect systems and data;
  • Disable Java and prevent Flash from running automatically on corporate devices;
  • This practice should go for user-owned devices through endpoint access policies and controls.

Milena Dimitrova

Uno scrittore ispirato, incentrato sulla privacy degli utenti ei software maligni. Gode ​​di 'Mr. Robot 'e paure' 1984 '.

Altri messaggi - Sito web

Condividi su Facebook Quota
Loading ...
Condividi su Twitter Tweet
Loading ...
Condividi su Google Plus Quota
Loading ...
Condividi su Linkedin Quota
Loading ...
Condividi su Digg Quota
Condividi su Reddit Quota
Loading ...
Condividi su Stumbleupon Quota
Loading ...
Please wait...

Iscriviti alla nostra Newsletter

Vuoi essere avvisato quando il nostro articolo è pubblicato? Inserisci il tuo indirizzo e-mail e il nome sottostante per essere il primo a sapere.