All kinds of businesses can hardly do without having a dependable managed IT support team for their Sydney enterprise nowadays because of the countless threats from relentless cyber attackers.
New malicious software and exploits are being created and discovered quicker than they can be patched and resolved so qualified managed IT support team in Sydney is essential in keeping business machines, networks, and valuable business data safe and secure. Here are just some of the new threats in the past few days.
15- Year Old Httpoxy Vulnerability
15 years ago, a vulnerability that can remotely exploit web application code was discovered and it has come back to haunt our server administrators today. Managed IT support teams in Sydney and around the globe are advised to take immediate action. Researchers from Vend, a POS (point of sale) software company from New Zealand, collaborate with Red Hat security in documenting the vulnerability and they called it Httpoxy.
Managed IT support groups in Sydney should keep a close watch for cyber attackers who can use a proxy for outgoing HTTP requests and leave the server vulnerable with outward open connections to random TCP (transport control protocol) ports and IP addresses. This flaw also leaves servers vulnerable to a denial of service attack since can force the use of a malicious proxy and use up server resources.
Managed IT support teams in Sydney should be aware that the concern lies with the namespace conflict detailed in the RFC 3875 document request which summarizes the functionality of the CGI (common gateway interface) for external programs that are running under the web servers or HTTP. The vulnerability was discovered in 2001 by Randal Schwartz, a Perl guru, who also resolved the libraries of the scripting language the very same year but the bug has resurfaced since in other software. Scott Geary of Vend recently discovered that the bug still exists in the scripting language on the PHP server-side and in much other contemporary software.
Managed IT support groups in Sydney and Administrators of business websites are advised to block proxy request headers to prevent httpoxy exploitation. The researchers suggest using WAF (web application firewall) or by directly blocking it on the web servers. Microsoft IIS (internet information service) web server, frameworks of Active Server Pages, and ASP.NET are not directly susceptible to httpoxy but websites that run on PHP and similar software need extra care in the prevention of being exploited.
CryptXXX Ransomware
Managed IT support teams in Sydney should be aware that cyber attackers are directing their efforts in using business websites by exploiting a vulnerability of WordPress Revslider plugin to disseminate CryptXXX Ransomware. Invincea, a security vendor, warns managed IT support groups in Sydney that SoakSoak botnet is scanning business websites to find ones that are running the vulnerable Revslider version.
Once it finds the vulnerable installation, it adds a script to redirect to another web page which contains a Neutrino exploit kit. Managed IT support teams in Sydney are well aware of the popular Neutrino functions which look for debuggers and security tools on the targeted system and drops the CryptXXX ransomware into the system.
CryptXXX reared its ugly head in April 2016 and it mainly attacks computers with Microsoft Windows operating systems. Managed IT support groups in Sydney and around the world have yet to find a fix to decrypt the files that were scrambled by the latest CryptXXX ransomware version. Extortionists demand 2.4 bitcoins, equivalent to around $2160 AUD, from victims who would want to buy a decryptor from the cyber attacker.
Invincea enumerated websites that they have observed to be compromised and it includes Dunlop, an Australian construction supplies company. The same RevSlider vulnerability was behind the NWS government website last March 2015 and more than one hundred thousands websites were compromised within a day back in December 2014.
Managed IT support teams in Sydney should be very vigilant because botnets are doing nonstop scans on web servers around the globe to find susceptible themes, plugins, and outdated CMS where they can exploit to be redirected to exploitation kits.