SolarWinds & Trickbot: Cybersecurity News from the Week of 07/12/21
Posted by: GuidePoint Security
Published: July 21, 2021, 9:30am
Vulnerabilities and patches dominated the news last week, including a new critical patch issued by SolarWinds and vulnerabilities discovered in programmable logic controllers used in millions of manufacturing, utilities, and automation devices. The notorious TrickBot malware also continued its resurgence last week as Russian-based criminals continued to overhaul the Trickbot attack infrastructure.
- SolarWinds issues patch for critical vulnerability
- Vulnerability in programmable logic controllers threatens millions of industrial devices
- Russian-based Trickbot malware now spying on victims
Final Words
No software is perfect, and threat actors will do everything in their power to find a way to breach a system. That’s why it is so important for businesses to acknowledge that bugs do exist and to work with security researchers to identify and patch any type of vulnerability. To their credit, businesses that distribute software and hardware are stepping up to the plate. Organizations are increasingly recognizing the challenges associated with vulnerabilities and urging their users to patch, patch, patch.
Yet even with information and patches in hand, thousands (if not millions) of businesses are failing to patch vulnerabilities in a timely manner. (Or, in some cases, ever!)
Good patch management practices are critical to securing a business. Organizations are reminded to:
- Apply patches promptly and according to patch release cycles.
- Run regularly scheduled vulnerability scans.
- Run scan reports and conduct additional research on potential application or system vulnerabilities.
- Prioritize patching to the highest risk applications.
- Patch all software/hardware vulnerabilities and not limit patching to only high-profile applications, like Microsoft.
- Clearly define the team responsible for patch management and make sure they’re adequately staffed.
- Test the patches before deployment.
- Grant the patch management team the right levels of authority to get the work done.
As massively large-scale breaches go global, getting back the basics of patch management can go a long way to protect businesses.
GuidePoint Security