Being told by an IT provider how important it is for you to update your software is probably a bit like your grade school teacher telling you how important it is to do your homework: of course they’re going to say it, it’s their job to do so. However, we’re telling you what the Department of Homeland Security announced when they released a warning to update your Google Chrome web browser.
October saw five vulnerabilities patched in Chrome, with two of those vulnerabilities being classified as zero-day threats. A zero-day threat is an attack that is already being used by cybercriminals by the time security researchers identify it. With the head start that the zero-day threat gives them, these cybercriminals have a dangerous advantage.
To add to the issue, two of these zero-day threats were also identified as high severity attacks, one taking the form of a JavaScript engine phishing attack and the other in a corruption vulnerability in one of Chrome’s features. While further details are scarce, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) have warned us of their significance and their capability to assist an attacker in taking over an infected system.
Both threats have been spotted, so CISA is officially encouraging that all patches be applied, and updates made, to resolve these threats.
Let me ask you this: let’s say that your office’s front door would no longer lock securely. Would you leave it alone in the hopes that nobody would mess with it, or would you prioritize having the lock fixed?
This is the situation that business owners now find themselves in, and far too many of them simply hope that it won’t be a problem. Consider the fact that Google released a patch for one of these vulnerabilities via an update, but only half of users applied the update within a day.
Regardless of whether this is due to negligence or the possibility that the device they are using is simply outdated, this suggests that many companies are leaving their vulnerabilities exposed.
iTSTL can help through our managed services, as we’ll ensure that your technology is patched and fixed appropriately. To learn more about our services, or to find out how else we can assist you in securing your business’ IT, reach out to us at (314)828-1234.
Comments