USCG Alerts Operators To Act on Recently Identified Security Flaws

1183

The U.S. Coast Guard alerts maritime stakeholders and operators to address those recently-identified security flaws, reports Safety4Sea.

Identified security flaws

As the Microsoft released software fixes to address 49 vulnerabilities, the U.S. Coast Guard alerts maritime stakeholders and operators to address those recently-identified security flaws, in order to protect their business networks and servers, reducing the possibilities of a dangerous cyberattack.

Set of critical vulnerabilities 

  • The National Security Agency was the first one to identify a set of critical vulnerabilities in many of Microsoft Windows and Windows Server’s versions. 
  • Microsoft from its side, recently published software updates to face those vulnerabilities.

The first vulnerability 

  • The first vulnerability observed, impacts all machines using Windows 10 operating systems, involving Windows Server 2016. 
  • Meaning that an attacker could access in trusted identifies – individuals, web sites, software companies, service providers, or others.
  • By using a forged certificate, the attacker could enter to vulnerable systems, sending a spiteful executable file. 
  • With the file appearing to be from a trusted provider and a digital signature on it, the user could not realize its nasty purposes.

Other vulnerabilities 

Other vulnerabilities could further impact the RD Gateway Server in versions of Windows Server 2012 and newer. Namely, the server vulnerabilities do not require authentication or user interaction and can be exploited by a specially crafted request.

Cybersecurity and Infrastructure Security Agency (CISA) said, “New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date.”

“Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.”

Installation of updates

In light of the cyber threats situation which affects the maritime industry, the Coast Guard strongly urges stakeholders in the maritime community to install these updates as soon as possible.

Did you subscribe to our daily newsletter?

It’s Free! Click here to Subscribe!

Source: Safety4Sea