Security Vulnerabilities vs. Security Threats: What’s the Difference?

Threats and vulnerabilities represent some of the cyber risks that organizations face daily. While these terms are often used interchangeably, they actually have distinct meanings. To have a strong understanding of the types of security issues that can affect your organization, it is crucial to learn how threats and vulnerabilities relate to one another.

Source: EY Global

The Relationship Between Vulnerabilities and Threats

Vulnerabilities and threats are both used to determine an organization’s cyber risk. The close relationship between the two is why these terms are often used interchangeably.

To show the relationship between a threat and a vulnerability, take a phishing attack as an example. Hackers target organizations with phishing emails because they know that employees are often an organization’s weakest link and most common vulnerability. Hackers exploit this vulnerability by sending phishing emails to employee inboxes, making the phishing email a threat. Whether the phishing email actually inflicts damage on the organization depends on whether employees click on the email links. If employees are cyber aware and have undergone cybersecurity training, they most likely won’t fall victim to the attack. On the flip side, an employee who is not paying close attention to the email, or is unaware of phishing as a cyber threat, is more likely to click on the link (accidentally or not).

What is a Vulnerability?

Vulnerabilities refer to security weaknesses that can be taken advantage of by threat actors. They can exist anywhere in your infrastructure, from your desktop computers to the applications you use and even your employees. Vulnerabilities aren’t inherently dangerous per se, but they can cause a lot of damage if they are exploited. The risk of a vulnerability depends on where the vulnerability is and its potential impact on the business.

How to Minimize Vulnerabilities

To minimize vulnerabilities, organizations need to close the security gaps that exist in their infrastructure. Here are three ways organizations can minimize their vulnerabilities:

Patch regularly: Developers and manufacturers are always updating their products, which is why it’s important to install security patches as soon as they’re available. The longer you wait to patch a vulnerability, the more time hackers have to exploit it and enter your network.

Conduct an assessment: A vulnerability risk assessment is used to help organizations understand the risks in their infrastructure and identify any vulnerabilities. An assessment will help organizations catch security gaps before they can be exploited and provide actionable suggestions to help improve overall security.

Use a VPN: Many organizations allow employees to work remotely and connect to the corporate network with their own devices. However, remote working can leave organizations vulnerable to being hacked if an employee is using an unsecured network. To safely connect employees to the corporate network, it’s vital they use a VPN. VPNs encrypt traffic and create a private connection to the network.

What is a threat?

Threats refer to events that have the potential to harm an organization. There are several different types of threats, such as malware, ransomware, trojans, etc. Threats are carried out by threat actors, who try to leverage vulnerabilities to gain access to a system. These threat actors can be external parties, such as hackers, or insiders who already have access to your internal systems.

How to Defend Against Threats

Threats are harder to stop because they’re out of your control and hackers never stop trying to steal data. In order to protect yourself from the latest threats, you need to minimize opportunities for hackers to exploit vulnerabilities. Here are three ways to defend against threats:

Use secure solutions: Implementing security solutions throughout every part of your infrastructure helps ensure you are protecting every entry point. Protecting your perimeter with a firewall helps keep attackers out, while a SIEM helps detect suspicious behaviour that can indicate a threat. To learn more about our security solutions, contact us today.

Protect Account Credentials: Your organization’s credentials are the keys to your network and data. Having a good password policy that also includes multi-factor authentication will help secure your accounts. Encourage employees to never reuse passwords across workplace accounts and ensure that all passwords require unique characters and symbols.

Backup data: Your organization’s data is the primary target for hackers, which is why it’s important to protect it. Furthermore, events like hurricanes, fires or floods can also threaten your data. Backing up your data regularly ensures that you always have a copy in the event you are unable to access your files, and that the latest documents are saved.

Threats of the Week – September 16, 2019

PsiXBot Malware

A new variant of PsiXBot, malware configured for the theft of information and cryptocurrency, has been spotted in the wild which abuses Google’s DNS over HTTPS service.

PsiXBot is a relatively new strain of malware, having first been discovered in 2017. Written in .NET, the malicious code has undergone an array of changes and evolutions, and according to Proofpoint researchers, the latest upgrade includes some very interesting alterations.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against PsiXBot Malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
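The DNS-over-HTTPS abuse described above lets malware resolve its command-and-control names without touching the resolver an organization normally monitors, so the check a defender wants is which endpoints are talking to public DoH services directly. The following is an added example, not code from the original post or from Jolera: it scans constructed proxy log lines and reports unsanctioned clients connecting to public DoH resolvers. The log format, the source addresses and the set of hosts permitted to use DoH are assumptions; the resolver names and addresses are the public ones operated by Google (which the report names) and Cloudflare.

```python
import re
from collections import defaultdict

# Public DoH endpoints: Google's dns.google (named in the PsiXBot report) and
# Cloudflare's, plus the anycast addresses both serve DoH from over 443.
PUBLIC_DOH_HOSTS = {"dns.google", "dns.google.com",
                    "cloudflare-dns.com", "mozilla.cloudflare-dns.com"}
PUBLIC_DOH_IPS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1"}

# Assumed: the only host allowed to speak DoH is the corporate resolver forwarding upstream.
SANCTIONED_DOH_CLIENTS = {"10.0.0.53"}

# Constructed proxy/firewall log: timestamp, source IP, destination host, port, method.
SAMPLE_LOG = """\
2019-09-16T10:01:02Z 10.0.5.17 dns.google 443 CONNECT
2019-09-16T10:01:03Z 10.0.5.17 dns.google 443 CONNECT
2019-09-16T10:01:09Z 10.0.0.53 dns.google 443 CONNECT
2019-09-16T10:02:41Z 10.0.5.22 www.example.com 443 CONNECT
2019-09-16T10:03:15Z 10.0.5.31 1.1.1.1 443 CONNECT
2019-09-16T10:04:00Z 10.0.5.31 dns.google 53 CONNECT
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<port>\d+) (?P<method>\S+)$")


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def is_doh_destination(dst, port):
    """DoH rides on HTTPS, so only port 443 to a known resolver counts."""
    return port == 443 and (dst in PUBLIC_DOH_HOSTS or dst in PUBLIC_DOH_IPS)


def find_doh_clients(text, sanctioned):
    """Return {source_ip: [(timestamp, destination), ...]} for unsanctioned DoH users."""
    hits = defaultdict(list)
    for rec in parse_log(text):
        if rec["src"] in sanctioned:
            continue
        if is_doh_destination(rec["dst"], int(rec["port"])):
            hits[rec["src"]].append((rec["ts"], rec["dst"]))
    return dict(hits)


if __name__ == "__main__":
    for src, events in find_doh_clients(SAMPLE_LOG, SANCTIONED_DOH_CLIENTS).items():
        print(f"{src}: {len(events)} DoH connection(s), first at {events[0][0]} to {events[0][1]}")
```

Matching on the destination host works where the proxy records the CONNECT target or TLS SNI; where only addresses are logged, the IP set carries the check. Browsers configured for DoH will also appear here, which is why the sanctioned list exists rather than treating every hit as malware.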

CVE-2019-23211

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Adobe Flash Player to version 32.0.0.255.

Ryuk Related Malware

A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files.

While Ryuk Ransomware encrypts a victim’s files and then demands a ransom, it is not known for actually stealing files from an infected computer. A new infection discovered today by MalwareHunterTeam does exactly that by searching for sensitive files and uploading them to an FTP site under the attacker’s control.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Ryuk related malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

How Online Skimming Steals Payment Information

Online skimming is currently one of the biggest persistent threats affecting retailers and service providers. These attacks infect e-commerce websites with malicious code to steal payment information. One of the biggest perpetrators of online skimming attacks is Magecart, a group of bad actors that target payment websites. Magecart hackers are consistently evolving their techniques. According to research from security researcher Willem de Groot, one in five Magecart-infected stores are re-infected within days.

Source: Willem de Groot

How Do Online Skimming Attacks Work?

1. Gain Website Entry

To start stealing information, bad actors need to find a way to gain access to your website. They can do this by exploiting vulnerabilities, by phishing for your website credentials or by hacking into a third-party application. The latter is more common, as most websites use third-party applications for functions such as live chat or tracking visitor traffic. Bad actors prefer to target third-party providers because they can compromise more websites at once. Third-party breaches are also harder to detect because they don’t compromise the merchant directly. Therefore, a merchant may not realize their website has fallen victim to online skimming until it’s too late.

2. Inject Skimming Code

Once the door is open and the bad actors are inside, they can start injecting malicious JavaScript code to perform online skimming. This code can be customized to target specific websites or enact specific types of behaviour, and can be hidden within normal scripts. Common scripts include the following:

  • Formjacking: Formjacking is when bad actors swap out legitimate payment forms with fake ones so that any information that is typed out in checkout is sent to another server.
  • Keyloggers: Keylogging scripts are used to record keystrokes to steal information. Bad actors can use keyloggers to determine credit card numbers or passwords.

Regardless of the type of malicious script, the goal is always the same: to steal information.

3. Steal the Payment Data

Once the malicious code is injected, it will lie within the website’s code until it’s triggered by a customer submitting payment information during checkout. Any information submitted is either stored locally on the compromised website or sent remotely to a command server controlled by the bad actors.

Any data harvested by the hackers can be used in a variety of ways. Some may use stolen credit card information to commit fraud or identity theft. Others will most likely sell the data on the dark web.

How to Protect Your Website

Companies with e-commerce websites and third-party providers are most at risk of being hit with online skimming attacks. In order to protect your business, you need to have detection and prevention best practices in place.

Detection Best Practices

1. Perform a risk assessment: A risk assessment will help detect vulnerabilities by scanning your website for any security gaps.

2. Review code: Taking some time to review your website code for any malicious scripts can help detect them before they compromise your website.

3. Review security logs: A SIEM can help detect and monitor suspicious activity on your networks by collecting security logs that can be analyzed for review. To learn more about our SIEM, contact us today.

Prevention Best Practices

1. Data encryption: All customer payment information should be securely encrypted to prevent bad actors from reading data.

2. Always patch systems: Staying up-to-date with the security patches for your systems and software will help prevent bad actors from exploiting potential vulnerabilities.

3. Review third-party partners: When deciding to implement third-party apps, you need to do your research. Companies that work with payments need to be PCI compliant, and you should monitor their status. You should also assess the types of third-party scripts you’re including in your website and determine whether they are actually necessary. Including unnecessary additional scripts makes your website more vulnerable to online skimming attacks.
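Detection practice 2 (review your website code for malicious scripts) and prevention practice 3 (assess which third-party scripts you include) can be turned into a repeatable check. The following is an added example, not code from the original post or from Jolera: it parses a checkout page and reports every script that is not first-party, not on the reviewed third-party allow-list, lacks a Subresource Integrity attribute, or is an inline script whose hash is not in the baseline captured when the page was known clean. The sample page, the host names (shop.example, cdn.chat-vendor.example and so on), the allow-list and the baseline are all constructed for the example.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout page standing in for a merchant's real one. The hosts are
# placeholders, not real vendors, and the integrity value is a placeholder digest.
SAMPLE_CHECKOUT_HTML = """
<html><body>
<form id="checkout" action="/pay" method="post">
  <input name="card_number"><input name="expiry"><input name="cvv">
</form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.chat-vendor.example/widget.js"
        integrity="sha384-PLACEHOLDER_DIGEST" crossorigin="anonymous"></script>
<script src="https://analytics.partner.example/tag.js"></script>
<script src="https://static-cdn.example.net/jquery.min.js"></script>
<script>window.shopConfig = {currency: "CAD"};</script>
<script>console.log("constructed: inline script that is not in the baseline");</script>
</body></html>
"""

FIRST_PARTY_HOST = "shop.example"
# Third-party script hosts the merchant has reviewed and deliberately included (assumed).
ALLOWED_SCRIPT_HOSTS = {"cdn.chat-vendor.example", "analytics.partner.example"}


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.strip().encode("utf-8")).hexdigest()


# Baseline of inline script bodies recorded when the page was known to be clean.
KNOWN_INLINE_HASHES = {sha256_hex('window.shopConfig = {currency: "CAD"};')}


class ScriptCollector(HTMLParser):
    """Collects every <script> element with its src, integrity attribute and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._current = {"src": a.get("src"), "integrity": a.get("integrity"), "body": ""}

    def handle_data(self, data):
        if self._current is not None:  # HTMLParser delivers script text as raw data
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def audit_scripts(html, first_party_host, allowed_hosts, known_inline_hashes):
    """Return (finding, detail) pairs for every script a reviewer should look at."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        if s["src"]:
            host = urlparse(s["src"]).hostname  # None for relative (first-party) URLs
            if host is None or host == first_party_host:
                continue
            if host not in allowed_hosts:
                findings.append(("unknown-third-party", s["src"]))
            elif not s["integrity"]:
                findings.append(("missing-sri", s["src"]))
        else:
            digest = sha256_hex(s["body"])
            if digest not in known_inline_hashes:
                findings.append(("unexpected-inline-script", digest))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_scripts(SAMPLE_CHECKOUT_HTML, FIRST_PARTY_HOST,
                                      ALLOWED_SCRIPT_HOSTS, KNOWN_INLINE_HASHES):
        print(f"{kind}: {detail}")
```

Run against a fetched copy of the live checkout page on a schedule, the three findings are the ones that matter for skimming: a script host nobody approved, an approved host whose script can change without the browser noticing (no integrity hash), and inline code that differs from the last known-good version. A Content-Security-Policy script-src directive listing the same allowed hosts enforces the first two in the browser itself.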

Threats of the Week – September 9, 2019

Glupteba Malware

A new variant of the Glupteba malware dropper is using the Bitcoin blockchain to fetch command and control (C2) server domains from Bitcoin transactions marked with OP_RETURN script opcodes.

The new version has switched to malvertising as the means of distribution and it comes with two more modules besides the newly added Bitcoin blockchain C2 updater, namely an info stealer and an exploit that targets local MikroTik routers.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Glupteba Malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-2176

Android has released its monthly security bulletin. The most severe of these issues is a critical security vulnerability in the Media framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Source: Android

How do you protect yourself?

Check Android for the latest security patches and update accordingly.

Nemty Ransomware

The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits.

Exploit kits are not as commonly used since they typically thrive on vulnerabilities in Internet Explorer and Flash Player, two products that used to dominate the web a few years ago but are now with one foot in the grave.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Nemty Ransomware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

3 Key Elements Your Cybersecurity Strategy Needs

Security presents several challenges to organizations nowadays, and it can be difficult for organizations to keep up with the increase in cyber threats. Many organizations turn to security solutions to defend against the latest threats. While it’s important to use technologies to provide a layer of automated protection, technology alone isn’t enough. Research from Cisco found that only 26% of security issues can be solved by security products alone. In order to defend against the latest threats, organizations need to integrate security within their corporate culture. This includes having cyber aware staff and explicit security policies that employees need to follow. Creating a cybersecurity strategy will help every aspect of an organization, from its people to its processes and technology, uphold a strong cybersecurity front.

Source: Cisco

3 Essential Things to Include in Your Cybersecurity Strategy

A cybersecurity strategy is an organization’s first step in having a robust and effective IT infrastructure. There is no “one size fits all” approach, as the needs of every business are unique. However, each part of a cybersecurity strategy needs to work together to protect your business. Here are three elements your cybersecurity strategy needs.

1. Clearly Defined Security Priorities

The foundation of your security strategy must be rooted in your organization’s security goals and objectives. It needs to go beyond “block hackers and avoid breaches.” Your priorities should be specific to your organization and focused, so that you can develop precise actions to improve your security. This involves looking at your critical resources and assessing the security risks and compliance standards that apply to your organization. Once you have established your security priorities and goals, you can start developing the standards and best practices that make up your security strategy.

2. Communication with Executives and Key Stakeholders

Having support from your organization’s executives and stakeholders is incredibly important for your cybersecurity strategy because their attitudes shape security priorities and eventually form how the rest of your organization views security. Security is a business issue and affects everyone from the top down. Your cybersecurity strategy should be embedded within your business initiatives and not siloed with the IT team. Communication between your IT team and executive team is crucial in bridging the two together. Both teams need to work together to establish best practices that work for the organization and to invest in technologies that fit within security budgets.

3. Proactive Threat Management

Many organizations don’t start caring about security until after they’ve been breached. While it’s never too late to start implementing a security strategy, many security incidents could have been prevented if organizations took a proactive approach. Organizations should always be taking a proactive approach to security. Proactive threat management means your threat detection and response is always evolving to defend against the latest threats. It includes implementing the best security solutions, training staff on issues related to cybersecurity and evaluating and remediating security alerts. It takes time, experience and expert security skills to ensure your organization stays one step ahead of threat actors. To learn how Jolera can help defend your organization, contact us today.

Threats of the Week – September 3, 2019

Ares Botnet

A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet.

The attacks aren’t using a vulnerability in the Android operating system, but are exploiting a configuration service that has been left enabled and unprotected on some set-top box installations.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Ares botnet and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-5869

A vulnerability has been discovered in Google Chrome which could result in arbitrary code execution. This vulnerability is a use-after-free vulnerability in Blink that can be exploited if a user visits, or is redirected to, a specially crafted web page.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.

Source: Center for Internet Security

How do you protect yourself?

Update Google Chrome to version 76.0.3809.132.

Trickbot Trojan

A new Trickbot Trojan variant was spotted while focusing on stealing PIN codes from Verizon Wireless, T-Mobile, and Sprint users, marking a new step in this malware’s development.

TrickBot (also known as Trickster, TheTrick, and TrickLoader) is a banking Trojan that has been continuously upgraded throughout the years with new modules and capabilities since October 2016 when it was initially observed in the wild.

While in the beginning it only came with banking Trojan capabilities designed to collect and deliver as much sensitive data as possible to its masters, it has now also become a popular malware dropper capable of infecting compromised machines with other malware families.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Trickbot Trojan and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

5 Ways to Strengthen Your Cyber Defenses

Due to the ever-evolving threat landscape, organizations must consistently refresh their cyber defenses in order to prepare for the next threat. This leads many organizations to increase their cybersecurity investments to keep up. Global spending on cybersecurity services and products is expected to reach $103 billion this year, up 9.4 per cent from 2018, according to IDC.

Implementing security solutions that work is a good foundation for organizations to build their cyber resilience. However, organizations need to also focus on strengthening their cybersecurity defenses with their people, processes and products. Here are 5 things organizations can do right now to increase their cyber defenses.

Source: Cisco

5 Things Your Organization Can Do to Increase Security

1. Stay Updated

Staying updated in everything security related is key to building a good cyber defence. This includes knowing the latest compliance regulations and threats and breaches, as well as updating apps/systems/devices with the most recent patches.

Many states and countries around the world are starting to implement new laws regarding security, which may be relevant to your business. Knowing about compliance regulations can help you avoid large fees and incorporate best practices into your cyber defence strategy.

Learning about recent breaches and how they started can help you look at your own systems and see if there are security changes you need to start implementing. It will also help you understand the latest threats and how they’re targeting businesses so that you can take steps to avoid them.

Malicious actors are always looking for vulnerabilities to exploit, which is why it’s crucial to have them patched as soon as possible. Delaying updates to crucial systems gives hackers more time to get into your systems.

2. Implement Ongoing Training

Employees are an organization’s first line of defense, which is why it’s important to arm them with cyber awareness training.

Employees are constantly targeted by scams like phishing and business email compromise (BEC) emails. Research from Symantec found that organizations received an average of 5 BEC scam emails per month in the past year. It only takes one employee mistake for an organization to fall victim to a data breach.

Organizations can protect themselves against highly preventable attacks by having their employees understand cybersecurity, the threat landscape and how their actions affect the organization’s security posture.

3. Limit Internal and External Access

Organizations should limit access, whether internally through privileged access management or externally with a separate WiFi network for guests.

An organization’s data should not be open to all employees, and highly privileged accounts should be limited to those who need them. That way, if one employee account is compromised, the hacker won’t be able to access all of the organization’s data. This will also help prevent data leakage and make it easier to track who has access to important documents.

Business WiFi can act as a gateway to your organization’s data. Secure your WiFi so that only employees can access it; remote employees can connect securely to your organization through a VPN. Having separate WiFi access for guests will help prevent them from reaching important files.

4. Remove Unused Services

Accounts, applications and products should be disabled and removed as soon as they are no longer in use. This will help reduce your attack surface and limit unauthorized access to your organization.

Employees who leave can become potential insider threats, which is why their credentials should be disabled as soon as possible. Additionally, all user accounts associated with old hardware or applications should be shut down. If an application you no longer use is breached and you didn’t close your account, your data may be exposed.

Organizations should also be aware of end-of-life support for the hardware and software they use in their infrastructure. Failing to remove or upgrade end-of-life products can result in security gaps that can be exploited by hackers.

5. Align Business Objectives with Security

While there are general best practices for securing organizations (such as implementing firewalls and protecting inboxes), cyber defense needs will differ between organizations depending on the size of a business and its industry. For example, an e-commerce business will need an additional level of data protection to safeguard payments and customer information.

Organizations need to develop a security strategy that focuses on their risks. They need to establish effective monitoring methods that can address their unique workloads and partner with the right team of experts to help them integrate security measures that work with their business. To find out how Jolera can help your business, contact us today.

Threats of the Week – August 26, 2019

Adwind Remote Access Trojan

Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads.

Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to threat actors under a malware-as-a-service (MaaS) model and it is capable of evading detection by most major anti-malware solutions.

While the Adwind Trojan manages to avoid detection by some anti-malware solutions, sandbox- and behavior-based antivirus software should be capable of detecting and blocking it successfully.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Adwind remote access trojan and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-13602

VideoLAN has released security updates for the VLC media player that address multiple vulnerabilities.

A remote user could create a specifically crafted file that could trigger issues ranging from buffer overflows to division by zero. If successful, a malicious third party could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user.

Source: VideoLAN

How do you protect yourself?

Update VLC media player to version 3.0.8.

NanoCore Remote Access Trojan

A new version of a powerful form of trojan malware is being offered on the dark web for free, with one cybersecurity company warning this could lead to a rise in attacks targeting passwords, bank details and other personal information, even by crooks with limited technical skills.

Uncovered by security researchers at LMNTRIX Labs, NanoCore v1.2.2 offers users a variety of attacks against Windows systems, including the ability to steal passwords, perform keylogging and secretly record audio and video footage using the webcam.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against NanoCore remote access trojan and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

5 Reasons Why Data Breaches Still Happen to Organizations

According to new research by Risk Based Security, data breaches are increasing. Their recent report found that an average of more than 20 breaches were reported per day during the first half of 2019.

Falling victim to a data breach can be a nightmare for businesses. Just recently, Capital One fell victim to a data breach that exposed the information of 100 million Americans and 6 million Canadians. They’re now facing a $600 million lawsuit here in Canada.

Understanding the common cybersecurity problems that lead to breaches will help you defend your organization against them.

Source: 2019 Data Breach Investigations Report

5 Current Cybersecurity Problems That Lead to Data Breaches

1. Attacks are advancing: The threat landscape is constantly evolving as hackers are always coming up with new ways to steal data and breach organizations. These hackers are well trained and have their own communities on the dark web where they share tips and sell data and credentials. People can easily purchase tools like ransomware-as-a-service and DIY phishing kits, enabling anyone to engage in malicious attacks and increasing the amount of threats an organization may face. Organizations need to make sure they’re employing the latest security technologies to help combat cyber attacks.

2. Misconfigured or improper installations of security tools: Implementing security technologies like firewalls or cloud backup is a great way to protect your networks. However, if they are not installed or configured properly, they won’t work as intended and will leave you vulnerable to being breached. For example, in the recent Capital One breach, a malicious actor managed to exploit a configuration vulnerability in the company’s systems and steal the customer data. Organizations need to make sure that when they are implementing new technologies, or engaging in other IT projects like moving to the cloud, they’re working with certified experts.

3. Human error: Human error is a common reason for data breaches and many companies feel vulnerable. Nearly 80% of organizations say they’re worried about insider threats according to research from Barracuda. Although actions due to human error (such as accidentally clicking a phishing link) occur without malicious intentions, they still manage to cause serious damage. Fortunately, human error can be prevented with cyber awareness training. It’s important to inform employees of the common cyber threats they encounter daily so that they can be more vigilant while at work.

4. Lack of security assessments: A security risk assessment is used to analyze and identify security defects and vulnerabilities within an organization’s IT environment. Its purpose is to help organizations understand their security risks so that they can take the necessary steps to fix any weaknesses. Security assessments also help organizations determine their return on investment for their security tools and solutions by determining if they are helping to close security gaps. By not doing a security assessment, organizations are leaving their IT environments open to potential vulnerabilities. Having a clear view of an organization’s security posture allows organizations to focus on where they should be putting their security efforts and helps them determine if they’re on the right track. Since the threat landscape is always changing, security assessments should be done at least once a year or whenever there’s a major change in the IT environment.

5. Lack of adequate security staff: Not all organizations have the capabilities to hire security staff who can monitor security alerts and deal with IT issues. Cyber criminals take advantage of this and target small and medium businesses, leaving SMBs vulnerable to cyber attacks. In some cases, non-IT staff might be burdened with sharing the responsibility for security. This can let security events slip past organizations, as those staff might not always be focusing on security. Furthermore, the cybersecurity skills gap makes it harder for organizations to hire adequate security staff. Organizations that are unable to have their own security staff should consider partnering with a managed services provider to take care of their security and IT issues. That way, organizations can feel confident knowing experts are taking care of their infrastructure and can focus on their own business. For more information on how Jolera can help your organization, contact us today.

Threats of the Week – August 19, 2019

Norman Cryptomining Malware

A newly-discovered form of cryptocurrency-mining malware is capable of remaining so well-hidden that researchers investigating it found that it had spread to almost every computer at a company that had become infected.

The malware has been built to be extremely persistent and it keeps in regular contact with a command and control server, which if needed, could provide new instructions or terminate the malware, although researchers note that during the analysis, no new commands were received.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Norman cryptomining malware and similar threats. Ensure your systems have the latest patches installed. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2019-8077

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update the Adobe software to the latest version.

Cerberus Malware

A new banking trojan for Android devices relies on the accelerometer sensor to delay its running on the system and thus evade analysis from security researchers.

Payload and string obfuscation are normal techniques for making analysis and detection more difficult, but Cerberus also uses a mechanism that determines if the infected system is moving or not.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against Cerberus malware and similar threats. Ensure your systems have the latest patches installed. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.