This year has been a busy one for cyber-criminals. Reports indicate there have been over 500 data breaches and more than 500 million records exposed in 2016 so far. This includes the disclosure of 427 million MySpace records, 68 million Dropbox user records and 117 million user emails and password details at LinkedIn. The healthcare, retail, technology, financial and governmental sectors head the list of business areas that were the most targeted throughout the year.
A major concern is the increasing complexity of patching systems and applications. Each year many Common Vulnerabilities and Exposures (CVEs) are posted on the National Vulnerability Database, which alerts companies that use the affected applications and informs them of the mitigation controls that reduce the risk of using them. However, some applications pose a much greater risk, and unless the systems running them are locked down significantly, the only alternatives are to blacklist them or remove them completely. Let’s take a look at some of those applications.
1. APPLE QUICKTIME FOR WINDOWS
Apple QuickTime is a multimedia framework that was used for handling various digital video formats and was available for both Mac OS and Windows. The Windows version was also bundled with some versions of iTunes, and many applications that required QuickTime to play digital content provided download links to make it quick and easy to install.
This year Apple decided to discontinue support for QuickTime on Windows, leaving several severe and dangerous security vulnerabilities that a hacker could exploit to take FULL control of your computer. QuickTime is no longer being updated, and these security flaws and any newly discovered vulnerabilities are unlikely to be fixed. This means that QuickTime for Windows is dead and should no longer be used.
2. ADOBE FLASH PLAYER
Adobe Flash Player, formerly known as “Macromedia Flash” or “Shockwave”, is a multimedia application that helps enrich the experience when browsing the internet and allows streaming of video and audio. It is also used in some desktop applications, mobile applications and games.
However, for many years Flash has had a very poor security record, and vulnerabilities are everywhere, with over 400 CVEs published. Hackers and cyber-criminals have been exploiting it for many years, allowing them to listen to your conversations and use your web camera to watch you in your office or home. Many web browsers have removed support for Flash and stop it from running. However, many companies and consumers are still using older web browsers which allow Flash to run.
It is highly recommended to use the latest versions of web browsers and to blacklist Adobe Flash or remove it from your system.
3. APPLE ITUNES FOR WINDOWS
Apple iTunes is a media player, media library and mobile device management software developed by Apple to organize and manage all of Apple’s mobile devices and digital media. It is almost impossible to use an Apple device without using iTunes. However, if you are a Windows user with an Apple device, then using iTunes on Windows is a major security risk. Apple iTunes has had more than 100 CVEs published and is consistently in the top 10 most vulnerable applications each year. It is also commonly known that Apple users do not keep iTunes updated to the latest versions, which typically come with many security updates. You could also be using an outdated version that is bundled with Apple QuickTime, which is listed as the top security risk with many existing exploits.
4. MICROSOFT OFFICE 2007
Microsoft Office 2007 is about to officially reach the end of extended support in October 2017, and mainstream support already ended in 2012, so the end of life is coming for Office 2007. If you are still using it, do not expect any further security updates, which leaves it as a common target for many hackers and cyber-criminals due to its high use across many organizations and consumers. Microsoft frequently provides many critical security updates, so it is always important to stay patched and up-to-date with the latest versions, and this makes moving away from Office 2007 more critical now than ever before. Office 2007 also has very poor security, privacy, auditing and sharing features, so while hackers target it, it does not provide enough protection for the data.
If you are using Microsoft Office 2007 it is recommended to upgrade to the latest version, blacklist these older versions and remove them from your systems.
TAKE ACTION NOW TO MINIMIZE YOUR RISKS
It is important that companies take a proactive approach to blacklisting and removing high-risk applications or applications that have entered end-of-life.
They should be removed as they no longer get critical security updates to remove any major security flaws discovered, and it’s inevitable hackers will target these as a result.
Blacklisting is a method used to prevent the installation or running of such applications by denying them system access. Blacklisting should be used to target prohibited applications or applications that pose a significantly high security risk to companies, like those listed above.
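
As a starting point for the removal and blacklisting described above, the following PowerShell audit (an added example, not part of the original article) lists any of the four applications installed on a Windows host by reading the per-machine uninstall registry keys. The display-name patterns and the function name Find-DeniedApplication are assumptions made for illustration.

```powershell
# Added example: audit a Windows host for the four applications named in this article.
# The display-name patterns are assumptions; adjust them to match your own inventory.
$denyList = @(
    @{ Pattern = '^QuickTime';               Reason = 'QuickTime for Windows: support discontinued by Apple' }
    @{ Pattern = '^Adobe Flash Player';      Reason = 'Adobe Flash Player: over 400 CVEs published' }
    @{ Pattern = '^iTunes$';                 Reason = 'iTunes for Windows: often outdated, may bundle QuickTime' }
    @{ Pattern = '^Microsoft Office .*2007'; Reason = 'Office 2007: extended support ends October 2017' }
)

# Per-machine uninstall entries for 64-bit and 32-bit software.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: returns one finding per installed entry that matches a deny rule.
function Find-DeniedApplication {
    param(
        [object[]]    $Installed,
        [hashtable[]] $Rules
    )
    foreach ($app in $Installed) {
        foreach ($rule in $Rules) {
            # -match is case-insensitive by default
            if ($app.DisplayName -match $rule.Pattern) {
                [pscustomobject]@{
                    Computer  = $env:COMPUTERNAME
                    Name      = $app.DisplayName
                    Version   = $app.DisplayVersion
                    Reason    = $rule.Reason
                    Uninstall = $app.UninstallString
                }
                break   # first matching rule is enough for this entry
            }
        }
    }
}

# Entries without a DisplayName are patches or components with nothing to report.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

$findings = @(Find-DeniedApplication -Installed $installed -Rules $denyList)
if ($findings.Count -eq 0) {
    Write-Output 'No applications from the deny list are installed.'
} else {
    $findings | Sort-Object Name | Format-Table -AutoSize -Wrap
}
```

The script only reports what is installed; it does not remove or block anything, so the findings still need to be acted on with your software management or application control tooling.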
Be sure to stay safe out there and be cautious of the applications you let into your digital world – and take the right measures to do so!