• Home
• About
• RSS
• Get in touch

Beware The Browser…

Symantec’s latest Internet Security Threat Report came out today and one of the trends highlighted is the Internet browser. It’s not just the browser that has vulnerabilities it is also the plug-ins. The average time to fix a problem in the browser is around a week, but some of the maximum times are around six months! However, at least there are fixes and providing you have auto-updates switched on, or have the ‘check for new version’ you should get these pretty quickly after they come out.

However, there were 424 vulnerabilities in browser plug-ins and these are seldomly updated automatically. The most popular vulnerability is memory corruption which enables the cyber-criminal to run any piece of code and basically take over the machine or do whatever they like. Most of the threats are to your confidential information. Social engineering attacks are also in the running, which ultimately result in the user inadvertently installing malware on their machine.

Many of the pieces of malware are now multi-functional, with many allowing remote access, exporting user data and logging keystrokes at the same time. What does this mean, well if you happen to be doing a bit of on-line banking (or shopping) then the cyber-criminal could end up with your bank or credit card details… and they you could become a victim of fraud or worse still identity theft.

New pieces of malware have been created which can be used to become whatever is needed – by downloading content or the payload from cyber-criminal web sites. So, they can be spambots one day and run denial of service the next. Conficker / Downadup is probably the most infamous of this type of malware, although it is unclear as to what the payload is going to be. Having your machine host a spam service unknowingly or perhaps participate in a denial-of-service attack is not good.

So if you are an organization then you need to look at your security and patching policy. Ensure that the latest security definitions are delivered to your users in a timely manner – this will keep you protected while you work on patching the OS and applications. You should also look at a policy for patching or regularly updating browser plug-ins as well.

If you are an individual, then you should also keep your security definitions up to date and also ensure that the OS and application updates are installed. So, if a reminder appears on the screen that an update is available – then install it now, don’t put it off. You may regret it later.

comments

• Connect with us



• Get Email Updates

• Recently Posts

  • Spam is decreasing. Is it the beginning of the end for e-mail?
  • Taming the tablet
  • Free Wifi: Why do we trust it?
  • The true cost of a data breach (Part Two)
  • The true cost of a data breach
  • The Ultimate Combination – Information Protection with Visibility and Audit
  • Gaining Access Control
  • O3 –Control in the cloud
  • Mobile adoption has reached the tipping point, but businesses accept it’s time for a security reality check
  • The internet explodes with gTLDs

• Pages

  • announcements
  • Application
  • Availability
  • backup
  • botnet
  • Cloud computing
  • Complexity
  • Compliance
  • Consumerization
  • cyber-crime
  • data centre
  • data-loss
  • Denial of service
  • disaster recovery
  • Education
  • Green IT
  • impersonation
  • Information Policy
  • Insider
  • IT equipment
  • Miscellaneous
  • misleading applications
  • Patching
  • Phishing
  • Regulation
  • Reputation
  • SaaS
  • security
  • small business
  • Social Media
  • Spam
  • Speaking
  • Storage
  • trojan
  • Uncategorized
  • Virtualization
  • Virus

• Blogroll

  • Ask Marian Consumer Security Blog
  • Bruce Schneier’s Blog
  • Con Mallon’s Symantec Consumer Blog
  • Gareth’s BE Blog
  • Get Safe Online (The Blog)
  • Gizmodo Gadget Blog
  • Jonathan Schwartz’s Blog
  • Phil Windley’s Technometria
  • Security Bloggers Network
  • Symantec French contributor - A blog from the French pen of Laurent Heslault
  • Symantec Guide to Scary Internet Stuff – Botnets
  • Symantec Guide to Scary Internet Stuff – Drive-by downloads - Video explaining the latest security threats in simple terms, on drive-by downloads
  • Symantec Guide to Scary Internet Stuff – No 5 Rogue AV
  • Symantec Guide to Scary Internet Stuff – No 6 Denial of Service Attacks
  • Symantec Guide to Scary Internet Stuff – No7 Pests on your PC
  • Symantec Guide to Scary Internet Stuff – No8 Losing your Data
  • Symantec Guide to Scary Internet Stuff – Phishing
  • Symantec Guide to Scary Internet Stuff – Underground Economy
  • Symantec podcast channel - A channel of podcasts on current security and availability topics from the experts at Symantec
  • Toby Stevens’ Data Trust Blog