Security Roundup: 25% of Windows devices exposed to 700 vulnerabilities, top 10 business apps all have security issues

PCR takes a look at the latest security news in the channel

This week, Wandera reveals the security issues with the 10 most popular business apps, we find out why Britain’s businesses are being urged to better protect themselves from cyber criminals, and more.

TOP 10 BUSINESS APPS ALL FAIL TO USE SECURE DATA STORAGE

Wandera has announced the findings of its comprehensive security assessment of the most popular business apps used on corporate-liable devices by enterprise customers across North America, UK, Europe and Asia.

The ten apps analysed in the research are the ten most widely used by enterprise employees around the world, and have been downloaded an estimated 1.4 billion times from the Google Play store.

Within Apple’s App Store, they fall within the top 0.05 per cent of all published apps and are primarily classified in the business and productivity categories. The apps were put through an extensive security assessment, using the Open Web Application Security Project (OWASP) Mobile Security Risks as a foundation.

According to the OWASP test, the most common vulnerabilities impacting the ten mobile apps are insecure data storage, insufficient transport layer protection, lack of binary protections and poor authorisation and authentication.

“In our increasingly mobile world, enterprises need to gain complete visibility in order to maintain control of their mobile data, ensure compliance and prevent mobile security threats,” comments Eldar Tuvey, CEO of Wandera.

“Security is an essential concern when it comes to mobile app development and it should not be sacrificed for the sake of speed and convenience.”

A QUARTER OF WINDOWS DEVICES ARE EXPOSED TO 700 VULNERABILITIES

Duo Security has analysed data from over two million devices used by businesses around the world to determine the general security health of devices in the enterprise.

Most concerning of the findings is that 25 per cent of all Windows devices are running outdated and unsupported versions of Internet Explorer, which leaves those unpatched systems open to more than 700 vulnerabilities.

Duo research also reveals that 72 per cent of Java users are running an out-of-date version, compared to 60 per cent who have an outdated version of Flash.

42.7% OF IT PROFESSIONALS HAVE NOT BEEN TRAINED IN DATA PROTECTION

Egnyte.com recently surveyed 2,000 IT professionals (UK respondents) via Onepoll on the subject of data sharing, and found that 42.7 per cent of IT professionals have not been trained in data protection.

The poll also found that 13 per cent of IT professionals have lost data at work, while five per cent admitted to having experienced a data breach.

22.3 per cent also admitted that they have shared confidential information using an unsecure file-sharing platform, while 14.45 per cent said they have opened an unsecure link from their work emails.

TWO THIRDS OF LARGE UK BUSINESSES HIT BY CYBER BREACH OR ATTACK IN PAST YEAR

Britain’s businesses are being urged to better protect themselves from cyber criminals after government research into cyber security found two thirds of large businesses experienced a cyber breach or attack in the past year.

The research also shows that in some cases the cost of cyber breaches and attacks to business reached millions, but the most common attacks detected involved viruses, spyware or malware that could have been prevented using the Government’s Cyber Essentials scheme.

The Cyber Security Breaches Survey found that while one in four large firms experiencing a breach did so at least once a month, only half of all firms have taken any recommended actions to identify and address vulnerabilities. Even fewer, about a third of all firms, had formal written cyber security policies and only 10 per cent had an incident management plan in place.

OLD ANDROID DEVICES AT RISK FROM AUTOMATICALLY DOWNLOADED AND EXECUTED MALWARE

While observing the activity of several cybercriminal groups, Kaspersky Lab researchers have spotted unusual activity in a malicious script, on an infected website, which is putting Android users at risk.

The script usually activates the download of Flash exploits to attack Windows users. However, at some point it was changed so that it checks the type of device its victims are using, searching specifically for Android version four and older.

“The exploitation techniques we’ve found during our research were nothing new, but borrowed from proof of concepts, previously published by white hat researchers. This means that vendors of Android devices should account for the fact that the publication of PoCs would inevitably lead to the appearance of ‘armed’ exploits. Users of these devices deserve to be protected with corresponding security updates, even if the devices are no longer being sold at the time,” said Victor Chebyshev, security expert at Kaspersky Lab.

IN OTHER NEWS

– Over half of UK directors only hear about cyber security when there is a breach, according to the 2015/16 Cyber Governance Health Check.

– New Symantec research details an Internet Explorer zero-day vulnerability used in limited targeted attacks in South Korea. The exploit appears to have been hosted on a web page, which suggests that attackers used spear-phishing emails or watering hole attacks to compromise users.
