Cyclical information system vulnerabilities

Like changes in season, solar eclipses, appearances of the strawberry moon, and changes in tide, the various security vulnerabilities in information systems recur in cycles.

In 2015 there was a security issue with Adobe Type Manager Deluxe 4.0, and in 2020 there were zero-day RCE vulnerabilities in the Windows version of the Adobe Type Manager Library.

In 2016 there were Adobe Reader and Acrobat vulnerabilities, and in 2020 there are still multiple vulnerabilities in Adobe Acrobat and Adobe Reader. The source of most of this is possibly Adobe's insistence on turning a document format into a platform, similar to HTML markup forms presented by a web browser and served by a client-server architecture.

Mitigations of DDoS attacks are common in the headlines and news feeds. In 2016 prominent websites were shut down by a large DDoS attack. In 2020 Amazon Web Services mitigated a 2.3 Tbps DDoS attack. In 2020, not to be outdone, Akamai mitigated the largest DDoS attack, at 385 million packets per second.

In 2016 an auto maker's network was facing a ransomware attack, and in 2020 the auto maker is reported to be the victim.

Take great care if your edge node server's operating system, its web hosting services, and the web application haven't been updated for a year. Some of the common bugs and security issues of web software also occur cyclically. Take, for example, the SQL injection associated with a prepare function used in WordPress. This particular issue spans versions 2.3.0 to 4.8.1: fixed in one version, only to be fixed again in another.

Another cyclically occurring vulnerability is in unixODBC, a famous Linux server database driver software that is widely used when connecting a web application or any script to a database that is unconventional for a given server environment.

The immediate takeaway for website owners is to update your entire stack, beginning from the operating system and web server, down to your website as interpreted by your end users' web browsers.

References

"2016 Strawberry moon" (https://www.washingtonpost.com/news/capital-weather-gang/wp/2016/06/20/a-rare-coincidence-the-full-strawberry-moon-meets-the-summer-solstice/)

"2020 Strawberry moon" (https://www.space.com/strawberry-moon-lunar-eclipse-june-2020.html)

"2020 Super snow moon" (https://nypost.com/2020/02/08/when-and-where-to-see-this-weekends-super-snow-moon)

"2020 Super Moon video" (https://www.youtube.com/watch?v=3Ztx_7BhmTc)

"Adobe Type Manager 2016" (https://nvd.nist.gov/vuln/detail/CVE-2016-3220)

"Adobe Type Manager 2020" (https://kb.cert.org/vuls/id/354840)

"Adobe Reader 2016" (https://kb.cert.org/vuls/id/354840)

"Multiple Vulnerabilities Adobe Reader and Acrobat 2020" (https://www.tenable.com/plugins/nessus/134706)

"DDoS 2016" (https://www.mainone.net/ddos-attacks-shut-down-amazon-twitter-and-netflix-among-others/)

"DDoS Akamai mitigation 2020" (https://blogs.akamai.com/2020/06/akamai-mitigates-sophisticated-144-tbps-and-385-mpps-ddos-attack.html)

"DDoS Amazon mitigation 2020" (https://www.theverge.com/2020/6/18/21295337/amazon-aws-biggest-ddos-attack-ever-2-3-tbps-shield-github-netscout-arbor)

"unixODBC" (https://www.cvedetails.com/vendor/12200/unixodbc.html)

"2016 Ransomware attack on Auto Maker's network" (https://www.zdnet.com/article/two-thirds-of-companies-pay-ransomware-demands-but-not-everyone-gets-their-data-back)

"2020 Ransomware attack victim is an Auto Maker" (https://jalopnik.com/honda-seems-to-be-the-victim-of-a-ransomware-attack-1843953940)

"WordPress SQL injection" (https://wpvulndb.com/vulnerabilities/8905)

Z Data Tech. Last modified: July 3, 2020