8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks - part 2

Top vulnerable applications in 2014 Google Chrome 124 vulnerabilities in 2014 POODLE attack in 2014: The attacker could get the information you transmitted in your browser in plain text: passwords, confidential information, EVERYTHING! AFFECTED ALL BROWSERS Could access cookies as well and track your every move! Adobe Flash is directly integrated as a component in Google Chrome, which causes MORE vulnerabilities! ATTENTION! 36% 36% of Chrome users don't use the latest version of the application, making them vulnerable to attacks! Mozilla Firefox 117 vulnerabilities in 2014 2014 Vulnerability: Enlisted thousands of PCs into a botnet that searched the web for vulnerable web pages and targeted them with automated SQL injection attacks. The vulnerable pages became infected and spread malware to those who visited them. 2014 Phishing attack: Directed Firefox users to sites using a fraudulent security certificate. The users could mistake them for legitimate sites, and enter sensitive information, such as usemames and passwords. 50% 50% of Firefox users don't use the latest version of the application, making them vulnerable to attacks! Adobe Flash Player 76 vulnerabilities in 2014 2015 Angler exploit kit: ONE OF THE MOST SOPHISTICATED Runs the dropped malware from memory, without ever writing to the hard drive Example of highly advanced polymorphic malware Cannot be detected by antivirus Can give cyber criminals full access to a user's computer ZERO DAY ATTACKS 2015 Malvertising attack: Exploits loaded through malicious banner ads on legitimate websites (e.g. Daily Motion.com). Flash malware can now interact with JavaScript to help conceal malicious activity, making it much harder to detect! Flash Player is one of the most vulnerable types of software in the world, exposing 99% of computer users! 110 million Flash is used by around 110 million websites (11.0% of all the websites in the world)! SJava Oracle Java Runtime environment 104 vulnerabilities in 2014 Goon/Infinity/Rig Exploit Kit 2014: Used by cyber criminals to install malicious software on users' systems when the users visited compromised websites Allowed attackers to modify and/or alter sensitive information, compromising users around the world via spam emails Java vulnerabilities dropped 34% in 2014, but still remains in the top 5 most vulnerable software in the world! 29 million Java is used by 29 million websites (2,9% of all websites in the world)! Adobe Air 45 vulnerabilities in 2014 Fiesta Exploit Kit 2015: Targeted SubTorrents.com, a very popular Torrent in Spain and Latin America. When a user browsed the website, a malicious redirection silently loaded the Fiesta exploit kit and associated malware payload. The site itself was compromised and served a well-hidden iframe. This attack also targeted Flash player, Microsoft Silverlight and Java. 1 billion Adobe Air reaches more than 1 billion connected desktops! tv Apple TV 86 vulnerabilities in 2014 Apple TV vulnerability: Before the latest update from April 2014, a malicious application could execute arbitrary code with system privileges The flaw could compromise the user's confidential data, including usernames and passwords The application used a vulnerability in the content of an audio driver. Another security hole could be misused to disclose information about the user's browsing habits and transmit it to a third party. 20 million Apple TV has over 20 millions users. Adobe Reader 44 vulnerabilities in 2014 Sandbox escape vulnerability in Adobe Reader 2014: Potentially allowed an attacker to take control of the affected system Exploit designed to trick Windows users into clicking on a malicious PDF file delivered in an email message Highly sophisticated exploit, suspected to be part of a cyberespionage operation Adobe Acrobat 43 vulnerabilities in 2014 Nuclear Exploit Kit 2015: Capable deploying attacks on Flash, Silverlight, PDF, and Internet Explorer as well. Able to the launch advanced pieces of malware and ransomware, such as CryptoLocker or CTB Locker Polymorphic nature Špreads through drive-by downloads in legitimate websites and online ads Antivirus can't detect it Cisco Annual Security Report 2015: exploits in outdated software will continue to be a top security issue of great magnitude! Should I stop using these applications to be safe? Nope. That's not really an option. These types of software are necessary, which is why they're present on 99% of computers. 99% That makes 99% of computers vulnerable! What should Il do to be safe? Use an automated patching tool to keep your software updated. Use a tool traffic scanning tool to keep you from accessing infected web locations. 2 Use an application that can block advanced forms of malware, which antivirus can't detect or block. Use an antivirus in case you get infected. Don't click strange links, open suspicious emails or IMs and keep away from dangerous web locations (such as torrent websites). Remember: There is no way to ensure 100% cyber security for your data! But that doesn't mean you shouldn't try! Heimdal Security https://heimdalsecurity.com/en/ https://heimdalsecurity.com/blog/ Sources: CISCO 2015 Annual Security Report Most vulnerable operating systems and applications in 2014 Fiesta EK Wreaks Havoc on Popular Torrent Site Apple TV 7.2 vulnerability All You Need to Know About Nuclear Exploit Kit W3schools.com Browser Statistics Web Technology Surveys Adobe Flash runtimes statistics The Race Too Early to Call: Roku, Apple TV, Fire TV, Chromecast MADE BY HEIMDAL TEAM