Debian Linux had the most vulnerabilities last year, VMware security updates released, and more.
Welcome to Cyber Security Today. It’s Wednesday, February 16th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
The top nine of 10 products with confirmed software vulnerabilities last year were desktop or enterprise versions of Linux. That’s according to the latest report from a company called Risk Based Security. The top product was Debian Linux, with 1,218 confirmed vulnerabilities found last year. In second place was openSUSE Leap, and in third place was Fedora Linux. Three versions of Red Hat Enterprise Linux were also in the Top 10 list. Interestingly, the report points out that no Microsoft product was in the top 10. In 2020, five Microsoft products were in the Top 10 list of having the most vulnerabilities. However, if you looked at which software companies made the Top 10 in the total number of vulnerabilities for all their products last year, Microsoft was number five. Ahead of it were, in order, Oracle, Google, SUSE Linux, and, at number one, IBM. What should IT leaders make of this? The report says don’t assume that IBM is the worst offender. Instead look at the Top 10 individual products with the most vulnerabilities. That will be of more practical use for evaluating what you buy.
Attention administrators of on-premise or co-located VMware products: The company has released security updates for four products that need to be installed immediately. The products are ESXi, Workstation Pro, Fusion Pro and Cloud Foundation. VMware says the ramifications of these bugs are serious, especially if attackers have access to workloads inside your environments.
Ransomware victims around the world paid at least $602 million last year to identifiable web addresses controlled by attackers. That’s according to researchers at Chainalysis. Their work is still going on and the final number is expected to increase. After all, last year it initially said it tracked $350 million in ransomware payments in 2020. The final number was $692 million. Of all the money tracked so far last year the gang that got the most money was Conti, which extorted at least $180 million from victims. One measure of how successful crooks find ransomware: Twenty new ransomware strains emerged last year, bringing the total seen to at least 140. However, many strains have been re-branded and are actually operated by the same group. The average ransomware payment size was over $118,000 in 2021, up from $88,000 in 2020. That’s in part because crooks are going after bigger targets.
Users of the Zoom conferencing desktop client or mobile app have make sure they’re running the latest version. Here’s the latest reason why: There’s bug in the Zoom client for macOS that shows the orange indicator microphone light staying after you leave a meeting, a call, or a webinar. That’s right – you leave a meeting but the mike is still open. Make sure you update to version 5.9.3.
Finally, if you use Google Chrome make sure it has the latest update. A new version is being released over the next few days to fix a number of serious holes.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.