In mid-July 2023, in a report warning about nine information security vulnerabilities existing in Microsoft products, the National Cyber Security Center (NCSC), an arm of the Authority of Information Security (AIS), reminded agencies, units and businesses of the five flaws being exploited, including CVE-2023-36884 in Office and Windows, CVE-2023-35311 in Microsoft Outlook, CVE-2023-36874 in Windows Error Reporting Service, CVE-2023-32046 in Windows MSHTML and CVE-2023-32049 in Windows SmartScreen.
VCS has recently released a report on security vulnerabilities exploited by hackers in the first half of the year. During the monitoring of Vietnam’s cyberspace, VCS’s technical system recognized a high number of attacks exploiting serious holes on common products used as a jumping board for hackers to initially penetrate the system and conduct the next toxic behaviors.
VCS’s report showed that the majority of the holes exploited by hackers existed in website source codes and serious holes existing in previous years in popular IT products. The most known vulnerabilities include CVE-2020-7961, CVE-2019-16891, CVE-2019-18935, CVE-2017-9248, CVE-2022-41040 and CVE-2022-41082.
“The reason is that the organizations using IT products with existing holes still have not updated with patching versions or fixing solutions. This is one of the favorites of attack groups,” VCS said.
The experts warned that in the last months of the year, hackers will continue to carry out attacks via the newly announced holes. In order to prevent the attacks, administrators have been told to update information and apply security measures to ensure safety for their systems.
Mentioning the risk of attacks via security vulnerabilities, AIS said during the digital transformation process, the number of apps and information systems of organizations and enterprises has been increasing rapidly, so vulnerabilities and risks have been appearing more regularly.
The more rapidly technology develops, the more risks and challenges will appear. Even if agencies and enterprises attach importance to cybersecurity from the very beginning, new holes will still turn up. The most important thing to do is discover risks as soon as possible and handle them promptly.
AIS has applied many measures to help prevent risks from systematic vulnerabilities, such as assessing and defining security holes with a high danger level and large-scale impact, so as to guide agencies and enterprises to fix them.
To date, 88 units including 63 provinces and cities and 25 ministries and branches have deployed anti-malware solutions and shared information about malware with the NCSC.
Van Anh