The number of small to medium businesses that acquire outsourced managed IT support has continually been on the rise for the past year, mostly because of the dramatic increase in cyber criminal activity that has victimised thousands of Australian SMEs.
Dependable managed IT support groups aren’t only helpful for having back-ups of your computer systems when things go haywire, they also take a pro-active approach in monitoring and ensuring that your business machines and networks are secure and will remain secure against the hundred thousands of kinds of malicious software, viruses, and other threats. Here are the latest digital world updates and issues that your business and managed IT support teams should be aware of.
Remote Access Flaw Of D-Link Devices
Small to medium businesses and their managed IT support teams should be aware of the recent discovery that more than 120 D-Link equipment are susceptible to being exploited remotely by scrupulous cyber attackers. Researchers from Senrio, a security start-up initially reported the flaw last June when they first noticed the vulnerability in the firmware of the Network Cloud Camera, D-Link DCS-930L which can be controlled via a smartphone application. Senrio researchers observed that malicious code can be executed with a stack overflow in the dcp services that enables the process of being controlled remotely. They found that the vulnerability is applicable to five D-Link cameras of that product range.
After further investigation, D-Link found out that 120 models of devices ranging from cameras, modems, routers, access points, and storage devices have the same remote control vulnerabilities. Senrio did a search on the Shodan engine and found around 400,000 D-link devices are indeed exposed to the word wide web, especially if the businesses using these gadgets do not have a steadfast managed IT support team monitoring and keeping their business networks secure.
The D-Link spokesperson announced that their engineers are hart at work in patching and fixing the flaw of the vulnerability of the DCP protocol. They are currently testing the firmware and patches are being built into UID agents for other models. Managed IT support teams should be able to access the patches via the mydlink automatic upgrade or through manual download from the D-Link support website.
Security Issues Of Symantec-Norton Discovered By Google
Norton Security is considered one of the pioneers in cyber security and many businesses with managed IT support groups use their products and services. Google recently found a security vulnerability in Norton legacy products, Norton 360, Symantec e-mail security, Symantec Endpoint Protection, Sharepoint server protection, Symantec Protection Engine. There could be holes in other Norton products too. Project Zero from Google discovered the flaws and says that the vulnerabilities are quite disconcerting.
Even the Department of Homeland Security in the United States issued an alert on the Norton and Symantec antivirus products’ vulnerabilities because several of these are widely used throughout their government and various industries. Homeland Security warned the people the these vulnerabilities could lead to exploitation that would let cyber attackers to remotely control affected systems and that it is advisable to do immediate updates.
Managed IT support groups who are not aware of the holes would be caught unaware because the vulnerabilities do not require user interaction and it affects the default configuration of the programs which runs with top privilege levels. In some cases on Windows OS, the susceptible code is loaded into the kernel which results to remote access that can corrupt the kernel memory. Norton and Symantec antivirus software uses the same core engine with all their products so their entire product line is affected by these security vulnerabilities.
Norton was quick to resolve and react to the issue. Businesses with managed IT support teams who use Norton and Symantec products now have access to patches for their cloud-based products. They are still working on patches for installed legacy products. It would come as a huge relief for managed IT support teams that there are currently no known exploits but we all know that cyber criminals are working double time to exploit systems that are unpatched so it is best to be vigilant.
Google also discovered issues with Kaspersky, ESET, Comodo, McAfee, FireEye, and hundreds more. Managed IT support teams will definitely have their hands full with patches and updates for the next few weeks.