Cyclical information system vulnerabilities

by

Changes in season, solar eclipses, appearances of strawberry moon, changes in tide, similarly the various security vulnerabilities in information systems.

In 2015 there was a security issue with Adobe Type Manager Deluxe 4.0 and in 2020 zero-day RCE vulnerabilities in windows version of Adobe Type Manager Library.

In 2016 Adobe Reader and Acrobat vulnerabilities and in 2020 there are still multiple vulnerabilities in Adobe Acrobat and Adobe Reader. The source of most of this is possibly Adobe's insistence to turn a document format into a platform similar to HTML markup forms presented by a web browser and served by a client server architecture.

PDF format and other office document formats have possibly been used for distribution of malware for over a decade. There are demonstrations of how PDF documents are used to distribute malware on YouTube - a popular video sharing platform.

Some of the vulnerabilities of Windows are also cyclical. For example the print spooler vulnerability finds it's way in Windows releases since Windows Vista. Please see reference below.

Mitigation of DDoS attacks in the headlines and news feeds are common. In 2016 prominent websites were shutdown by a large DDoS attack. In 2020 Amazon Web Services mitigated 2.3 Tbps DDoS attack. In 2020 not to be out done, Akamai mitigated the largest 385 million packets per second DDoS attack.

In 2016 a auto maker's network was facing ransomware attack and in 2020 the auto maker is reported to be the victim.

Take great care in case your edge node server operating system with web hosting services, and the web application hasn’t been updated for a year. Some of the common bugs and security issues of web software also cyclically occur. Take for example SQL Injection associated with a prepare function used in Wordpress. This particular issue spans from version 2.3.0 to 4.8.1. Fixed in one version to be fixed again in another version.

Another cyclically occurring vulnerability. A famous Linux server database driver software unixODBC widely used when connecting a web application or any script to unconventional database used for a given server environment.

The immediate take away for website owners is to update your entire stack. Beginning from operating system, web server, and down to your website being interpreted by your end users web browsers.

References

"2016 Straberry moon" (https://www.washingtonpost.com/news/capital-weather-gang/wp/2016/06/20/a-rare-coincidence-the-full-strawberry-moon-meets-the-summer-solstice/)

"2016 straberry moon"

"2020 Strawberry moon"(https://www.space.com/strawberry-moon-lunar-eclipse-june-2020.html)

"2020 Strawberry moon"

"2020 Super snow moon" (https://nypost.com/2020/02/08/when-and-where-to-see-this-weekends-super-snow-moon)

2020 Super snow moon

"2020 Super Moon video" (https://www.youtube.com/watch?v=3Ztx_7BhmTc)

Super moon video

"Adobe Type Manager 2016" (https://nvd.nist.gov/vuln/detail/CVE-2016-3220)

Adobe Type Manager 2016

"Adobe Type Manager 2020 " (https://kb.cert.org/vuls/id/354840)

Adobe Type Manager 2020

"Adobe Reader 2016" (https://kb.cert.org/vuls/id/354840)

Adobe Reader 2016

"Multiple Vulnerabilities Adobe Reader and Acrobat 2020" (https://www.tenable.com/plugins/nessus/134706)

Multiple Vulnerabilities Adobe Reader and Acrobat 2020

"DDoS 2016" (https://www.mainone.net/ddos-attacks-shut-down-amazon-twitter-and-netflix-among-others/)

DDoS 2016

"DDoS akamai mitigation 2020" (https://blogs.akamai.com/2020/06/akamai-mitigates-sophisticated-144-tbps-and-385-mpps-ddos-attack.html)

DDoS akamai mitigation 2020

"DDoS Amazon mitigation 2020" (https://www.theverge.com/2020/6/18/21295337/amazon-aws-biggest-ddos-attack-ever-2-3-tbps-shield-github-netscout-arbor)

DDoS Amazon mitigation 2020

"unixODBC" (https://www.cvedetails.com/vendor/12200/unixodbc.html)

unixODBC

"2016 Ransomware attack on Auto Makers network" (https://www.zdnet.com/article/two-thirds-of-companies-pay-ransomware-demands-but-not-everyone-gets-their-data-back)

2016 Ransomware attack

"2020 Ransomware attack is the Auto Maker" (https://jalopnik.com/honda-seems-to-be-the-victim-of-a-ransomware-attack-1843953940)

2020 Ransomware attack victim is a Auto Maker

"Wordpress SQL injection" (https://wpvulndb.com/vulnerabilities/8905)

Wordpress SQL injection

"Windows Print Spooler vulnerability" (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-087)

"Windows Print Spooler Vulnerability"
Z Data Tech https://www.zdatatech.com/logo/zdatatech-logo.png Last modified: January 30, 2023
Suggested
Advertisement