Blog

Hackers Hate Updates

Posted by Ryan Shrier on September 25, 2019 at 10:41 AM

hackers-hate-updates

Over the years it has become apparent that without updates, it is only a matter of time before technology becomes insecure. And if your devices fall into this category, they soon become obsolete.

As far as systems level updates go, it is recommended to automatically fetch updates. Without security updates from Microsoft, your Windows machine is an open door to the everyday hacker; the same goes with Apple products.

It is understood that attackers themselves are becoming smarter. Using techniques such as Phishing, Cross Site Scripting, Arbitrary Code Execution, etc., the methods of these exploits are nothing short of advanced. As these bad actors are becoming more knowledgeable, it is up to the consumer to also research what are the best mitigation strategies.

 

Use your free guide to help train your employees on current security threats.

 

Keep in mind, Windows/OSX aren’t the only operating systems that need special attention. Your mobile device is becoming increasingly appealing as a source of revenue for digital intruders. From fake app stores, site tracking, to data aggregates, these systems are starting to show their true colors.

Once hailed as an “unhackable” device, the iPhone has been compromised numerous times in the past couple of years. Recently it was discovered that simply by viewing a malicious web page a hacker could gain full control of your phone. [1]

Apple claims the authors of the blog post disclosing said ‘hack’ are “stoking Fear Among All iPhone Users”. This sentiment is warranted as Apple promptly updated their available firmware. If available on your device, so should you. [2]

The problem lies within the millions of users who ignored the numerous notifications prompting them to update their firmware.

The easiest solution to combat the average internet thief is to update your devices and services on a regular basis. While the operating system itself may not be vulnerable, the tools employed within offer another surface of attack.

Recently it has come to our attention that LastPass was compromised by a bug. While the exploit would have to be leveraged in a sophisticated manner, this was still concerning to our security team. If you use this tool though, don’t worry. As stated by LastPass,

We have now resolved this bug; no user action is required and your LastPass browser extension will update automatically.[3]

Like most browser extensions, this was fixed without the general user base even knowing about the error. Alike security updates with a random ID attached to them, sometimes there are more things being fixed than advertised. While most people downloaded the new iOS update for its features, most consumers updating their phone had no idea they were actively stopping a persistent threat running rampant on the platform.

Further Reading:

https://www.wired.com/story/ios-attack-watering-hole-project-zero/

https://fortune.com/2019/09/06/apple-response-iphone-hack/

https://blog.lastpass.com/2019/09/lastpass-bug-reported-resolved.html/

Download Our Security Awareness Guide