Updating software on employee workstations is a never-ending process, and you may simply lack the resources to keep all of it up to date. On average, dozens of new vulnerabilities are found every single day; accordingly, many hundreds and even thousands of patches for them are released every month.

This poses the question: what updates should be a priority? And there’s no simple answer to that. Patching strategies can be very different, and finding the one that works best for your company can depend on various circumstances. In this post, I share some thoughts on what software should be patched first — based on the potential risk of vulnerability exploitation.

Got any vulnerabilities on your system?

Some people believe that the number of discovered vulnerabilities speaks of the given software’s quality. Simply put, more bugs means worse software, and a lack of any ever reported means that software is great. These considerations then affect their choices of corporate software.

But this is, of course, a misperception: the number of detected vulnerabilities generally speaks of the program’s popularity, not quality. You can find bugs anywhere. And most of the time, bugs are discovered where people look for them. A company could get by using some long-forgotten software product just because nobody ever found any vulnerabilities in it. But that would be an unwise strategy: what if someone actually tries and succeeds in discovering a whole load of them right away?

In a nutshell, it’s not the number of bugs that matters, but how quickly patches for them come out and whether they actually fix the problems. Quick and regular patching is a good thing. Rare, sporadic releases — with the vendor trying to pretend that nothing bad has happened — are a disturbing sign; such software should be avoided.

Another good thing is when the developer runs a bug bounty program — even better if the program is open for everyone. A bad thing is a vendor threatening to sue bug hunters (yes, it happens more often than one would imagine), or worse: dragging people to court for reporting vulnerabilities.

Operating systems

But let’s get back to patching prioritization. The obvious candidates for the highest priority are operating systems. All-important OS updates must be installed as quickly as possible. The risk is self-evident: a compromised OS is the key to the rest of the computer’s software.

So if you use Windows, it’s in your best interests to at least look through the list of Microsoft updates on the second Tuesday of each month, and install them ASAP. But you should still follow the news: if a Windows patch comes out on a different date, it should be installed right away.

Browsers

There are several solid reasons to prioritize browser updates. Firstly, browsers account for much of our digital activity these days. Secondly, browsers by definition interact with the internet, so they’re among the first to be affected by any cyberthreats. Thirdly, attackers spare no effort looking for browser vulnerabilities, often succeed, and quickly turn to exploiting them.

So try to install browser patches pronto. Additionally, don’t forget to restart your browser after an update: until you do, the old, vulnerable version remains in use. Keep in mind that your system may have more than one browser installed. They all need timely updates.

And speaking of multiple browsers, there are a couple of things to keep in mind:

  • Internet Explorer: hardly any user’s free choice anymore, but this browser is still featured on any Windows computer — and needs timely patching.
  • Many desktop apps (for example, messengers) are based on the Electron framework — technically a web app running inside its own bundled copy of the Chromium browser. Don’t forget to update them too, as they automatically inherit every Chromium flaw out there.

Office suites

Attacks through emails with malicious attachments are a classic cybercriminal move. They mostly rely on infected files — especially Microsoft Office and PDF documents. This means that office suite programs’ vulnerabilities often serve as an entry point into the target company’s network. Therefore, you should pay close attention to office software updates.

In most cases, malware attachments don’t open themselves — somebody has to click on them. That’s why it’s important to provide information security training for your employees — for example, on our interactive educational Kaspersky Automated Security Awareness Platform.

It’s also a good idea to set up an internal communication channel with your information security department: on the one hand, to alert your employees about relevant threats and improve general awareness; on the other, to receive their reports on various suspicious activity, including in their email boxes.

Cybersecurity solutions

As mentioned above, vulnerabilities can be found in any software — and security products are no exception. Antiviruses and other information security applications need lots of high-level permissions to operate efficiently, so a successful exploitation of a security solution’s vulnerability might cause very serious problems.

Security software developers are aware of the potential danger of such a scenario better than anyone else. Therefore, they try to promptly respond to reported vulnerabilities and release updates ASAP. Of course, promptness is equally important when installing those patches. We recommend monitoring your security products’ updates diligently and prioritizing their installation.

Work collaboration apps

One more software category that has earned special significance for office employees in the past decade requires special attention. I’m referring to work collaboration apps, such as Microsoft Teams, Slack, Confluence, and the like. In many companies these have gradually taken over a considerable part of business correspondence, file exchange, and conference calls.

Naturally, collaboration tools have become an attractive target for cybercriminals: they can usually learn a lot of juicy things from the content that’s transferred through collaboration apps. It’s important to keep these apps up to date with the latest security patches.

Here’s one more reason not to postpone updating your collaboration tools. As I mentioned above, every app based on the Electron framework is technically a Chromium browser — with all its vulnerabilities so popular among cybercriminals. And guess what? Electron is also quite a common framework for collaboration tools. For instance, it’s the backbone of the desktop versions of both Teams and Slack.

To protect employees’ computers from hacking at those unpleasant moments when a vulnerability has already been found but a patch for it hasn’t yet been released, be sure to use reliable protection on all corporate devices. By the way, a number of our solutions for business — including Kaspersky Endpoint Security for Business and Kaspersky Hybrid Cloud Security Enterprise — feature the built-in Kaspersky Vulnerability and Patch Management system that helps you automate and properly prioritize your software updates.



What if attackers could get a well-known company to send emails on their behalf?

Bad actors have been distributing malware via email for decades. Over time, security technology has evolved and improved greatly, making this task harder for cybercriminals. 20 years ago, we often witnessed the distribution of email worms, which flooded inboxes and brought mail servers down. Although email worms are less prevalent today, phishing emails are a newer common threat that users now have to deal with, even though email remains a great tool used by the majority of internet users.

Not only have the various defense mechanisms evolved – individuals have also become more tech-savvy, and it has become harder to fool them. Make no mistake, though: modern bad actors are professionals who make a living from cybercrime, and they invest heavily in crafting their tricks (sometimes delivering them in messages that get past seasoned security professionals). We cannot underestimate the ability of these cybercriminals to carry out malicious activity.

What if attackers could get a well-known company to send emails on their behalf? What if the only link in the email took the reader to a website belonging to that same company? In such a message there are no suspicious senders, suspicious URLs, or other website inclusions – everything is legitimate. It is likely that this type of email would not only pass through every layer of cyber defense, but would also fool the end user.

How cybercriminals are now taking advantage of this innovative technique

Adobe offers a cloud service for signing documents online called Acrobat Sign, which users can register for and use right away. Adobe Acrobat Sign allows registered users to send a document signature request to anyone. When they do so, an email is generated and sent to the intended recipient. The email includes a link to the document (which can be a PDF, a Word document, an HTML file, and so on), which is hosted by Adobe itself.

The sender can add text that they want to appear in the email, which is an important detail, because it can easily be abused by cybercriminals.

Here is one of the messages our team caught:

The return address is shown as adobesign@adobesign.com, which is a legitimate email address.

When the victim clicks the “Review and sign” button, they are taken to a page hosted at “eu1.documents.adobe.com/public/”, which is another legitimate resource belonging to Adobe. As I mentioned earlier, people who use this service can upload several types of files to Adobe Acrobat Sign, which are then shown in the email with the option to sign them.

The cybercriminals included text and a link in the document that give the victim the idea that they will be reading the content before signing it. On clicking the link, the victim is redirected to another site, where they are asked to enter a hardcoded CAPTCHA.

Once it is entered, the victim is asked to download a ZIP file containing a variant of the Redline Trojan designed to steal passwords, crypto wallets and more.

In the example above, the target of the attack owned a YouTube channel with hundreds of thousands of subscribers, so the topic of the message fit that profile. Fortunately, the victim realized that there was something “phishy” about the message and did not click the link.

Not ready to accept defeat, however, the attackers tried to strike again a few days later. To increase the likelihood of getting the malware installed, they also added another link to the email sent by Adobe.

On clicking that link, the following page loads in the browser:

This page is hosted on dochub.com, another company that offers electronic document signing. However, if the victim clicks the “Review and sign” button in the email, they are taken to Adobe and shown the same document to sign (which also contains the same link inside it).

The links in the documents hosted on dochub.com and adobe.com take the victim to the same (hardcoded) CAPTCHA:

If it is entered correctly, the victim downloads the malware, which is another variant of the Redline Trojan. In this case, the ZIP file also contains several other non-malicious executables belonging to the game Grand Theft Auto V.

One characteristic of the two Redline variants used by the cybercriminals in these attacks is that the size of the Trojan is artificially inflated to more than 400 MB. This is not visible to the victim at download time, because the file is compressed and most of the artificial size is simply filled with zeros. The reason for this is unknown; perhaps the cybercriminals use it in the hope of bypassing some antivirus engines that may behave differently with large files.
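A triage check for the padding trick described above, as an added example that is not part of the original article: it lists ZIP members that are large when unpacked, compress abnormally well, and consist almost entirely of zero bytes. The thresholds, function names and the scaled-down sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed triage thresholds (not from the article); tune them for your mail flow.
MIN_UNPACKED = 100 * 1024 * 1024  # only inspect members of at least 100 MiB unpacked
MIN_RATIO = 50                    # unpacked/packed ratio treated as abnormal
MIN_ZERO_FRACTION = 0.90          # share of 0x00 bytes treated as padding
CHUNK = 1024 * 1024


def zero_fraction(zf, info):
    """Stream one member (never held fully in memory); return its share of 0x00 bytes."""
    zeros = total = 0
    with zf.open(info) as fh:
        while chunk := fh.read(CHUNK):
            zeros += chunk.count(0)
            total += len(chunk)
    return zeros / total if total else 0.0


def find_padded_members(archive, min_unpacked=MIN_UNPACKED):
    """Return (name, unpacked_size, ratio, zero_fraction) for zero-padded members."""
    hits = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size < min_unpacked:
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio < MIN_RATIO:
                continue  # ordinary binaries rarely shrink this much
            frac = zero_fraction(zf, info)
            if frac >= MIN_ZERO_FRACTION:
                hits.append((info.filename, info.file_size, round(ratio), round(frac, 3)))
    return hits


def build_sample():
    """Constructed test archive, scaled down to 8 MiB so it builds quickly."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup.exe", bytes(range(256)) * 16 + bytes(8 * 1024 * 1024))
        zf.writestr("texture.bin", b"A" * (2 * 1024 * 1024))  # compressible, no zeros
        zf.writestr("readme.txt", "constructed sample, harmless content\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for hit in find_padded_members(build_sample(), min_unpacked=1024 * 1024):
        print(hit)
```

The compression ratio alone is not enough: the constructed `texture.bin` member also shrinks dramatically but contains no zero padding, so only `setup.exe` is reported.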

This abuse of Adobe Acrobat Sign to distribute malware is a new technique used by attackers targeting specific victims. Our team has not yet detected other attacks using this technique; however, we fear that it will become a popular choice for cybercriminals in the future. This is because it can evade different anti-malware filters, which increases the chances of reaching victims. We have, however, already contacted Adobe and dochub.com and shared all the information about the incident with them.

How you can protect yourself

  • Do not click email links from unknown senders. Pay extra attention to anything you receive from people you do not know.

  • Check your sources. Before clicking a link, ask yourself why you received it and whether it can be considered legitimate.

  • Use security software. Security software, or antivirus, acts as a safety net, protecting even the most tech-savvy internet users.
