Are you keeping up with the latest cyber security threats? Well, it’s time to sit up, because the past few months have seen a couple of high severity bugs find their way through vulnerabilities in well-known software providers:
Heartbleed – It’s Not Over Yet!
A few months ago, we published an article in the Intelligence Centre exploring how the OpenSSL vulnerability Heartbleed could affect your Chambers. As the Bar Council wrote, it’s probable that we were all affected in some way, either directly or indirectly – 70% of websites were, after all. We are over a year on from the Heartbleed scare, and though most websites will have patched the original holes in Open SSL by now, it’s not over yet.
Unfortunately, a new security high-risk flaw in Open SSL has been discovered. In June, over a year on from the discovery of the Heartbleed vulnerability, details of a high severity bug in versions 1.0.1 and 1.0.2 of Open SSL were revealed. Open SSL is an open-source software widely used to encrypt many of the internet’s communications, and many apps use the OpenSSL code library to communicate securely via the web.
With this bug, there is nothing for you to do unless you’re responsible for running your own servers or develop apps that rely upon secure OpenSSL communications. In this case, you should look into applying the fix as soon as possible.
Adobe Flash Bug
In other cyber security news – we’re sure it hasn’t escaped you that online surveillance data was recently stolen from Italian firm The Hacking Team through a hole in Adobe’s Flash software. Given the size and presence of Adobe on the web, the implications were severe. The bug was almost immediately weaponised, and cyber criminals exploited a flaw in Flash’s security to compromise computers in a variety of ways.
“This is one of the fastest documented cases of an immediate weaponisation in the wild, possibly thanks to the detailed instructions left by the Hacking Team”
Jerome Segura, Malwarebytes.
“As always, the best policy here is to make sure your application and the operating system you use have all the updates installed”
Think your Chambers’ IT systems may have been compromised by these or any other cyber security threat? Please do not hesitate to get in touch to discuss a protection package for you.