Types of Cyberattack, Specific Risks and How to Mitigate those Risks
Please note that the list of cyberattack types is distributed by the Canadian Centre for Cyber Security and the means to mitigate is provided by third parties. This information is not meant to be exhaustive and Skyway West is not responsible for omissions or mistakes.
What is the Microsoft Exchange Server Memory Handling Vulnerability, what is the risk and how can you mitigate that risk?
Microsoft Exchange Server (2010, 2013, 2016 and 2019… various updates) has a memory handling vulnerability that allows an attacker to execute an operating system command remotely.What is the Microsoft Exchange Server Vulnerability, what is the risk and how can you mitigate that risk?
Microsoft Exchange Server (2013, 2016 and 2019) has a vulnerability that allows an attacker to write an arbitrary file and execute it remotely. An error in the software allows senders to bypass authentication, install programs and run them.What is the Zimbra Collaboration Suite Vulnerability, what is the risk and how can you mitigate that risk?
Zimbra Collaboration Suite (ZCS) has the ability to import messages that contain ZIP archives and will automatically unarchive the contents. An error in the software allows senders to bypass all authentication, install programs and run them.What is a Connectionless LDAP Service Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Lightweight Directory Access Protocol (LDAP) allows remote users to lookup directory data. An LDAP Directory usually contains information about users, but may also contain data about printers, servers, conference rooms, other equipment, etc. LDAP is the protocol used to access the proprietary Microsoft Active Directory. Although LDAP is not Active Directory specific, ...What is the Internet Key Exchange Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Internet Key Exchange (IKE) is security protocol used by various Cisco brand devices, all Microsoft servers and some Linux/UNIX servers. IKE has two versions. Devices use IKE to send each other keys that positively identify each party before they begin data transfer. Internet Protocol Security (IPSec) uses IKE; IPSec is ...What is the AFP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Apple Filing Protocol (AFP) allows Apple OSX computers to share files across a network. This can be handy (and easy) when used in small, trusted networks. Why is it a risk? When your Apple OSX Server is connected to the Internet, enabling AFP may unintentionally expose your server’s files to the world. ...What is the Enforced CredSSP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Remote Desktop Protocol (RDP) allows a remote computer to take control of a computer in your network. RDP comes pre-installed for Microsoft Windows but can also be used with Apple OSX computers. RDP is used by many to work-from-home; it’s also used by IT support departments to perform remote maintenance and ...What is exposed Ubiquiti, why is it a risk and how can you mitigate that risk?
What is it? Ubiquiti produces routers, radios, switches, gateways and wireless access points. Why is it a risk? The AirOS firmware in these devices has a bug that can be exploited without any authentication. According to their advisory (link below) “Simply having a radio on outdated firmware and having its http/https interface exposed to the ...What is exposed VNC, why is it a risk an how can you mitigate that risk?
What is it? Virtual Network Computing (VNC) is a platform-independent remote desktop control system. There are numerous VNC implementations (LibVNC, TightVNC, UltraVNC, etc.) which run on Windows, Linux, macOS, iOS, Android and other operating systems. VNC uses port 5900 or 5800. VNC is used for work-from-home scenarios and for remote troubleshooting and maintenance ...What is a Freak SSL attack, what is the risk and how can you mitigate that risk?
What is it? Secure Sockets Layer (SSL), and the more modern Transport Layer Security (TLS) are encryption/decryption techniques used by computers when transferring data; https web sites use this technology. There are several algorithms that can be used to do the de/encryption. When a client computer contacts a server computer, they negotiate which algorithm ...What is an Open Service FTP Vulnerability, what is the risk and how can you mitigate that risk?
What is it? File Transfer Protocol (FTP), first introduced in 1971, is one of the oldest Internet protocols. It is used to transfer files from one computer to another on a network. FTP uses ports 20 and 21. FTP does not encrypt file transfers OR login credentials. Recently, major browser vendors have disabled ...What is an SSL Poodle Attack, what is the risk and how can you mitigate that risk?
What is it? Secure Sockets Layer (SSL), and the more modern Transport Layer Security (TLS) are encryption/decryption techniques used by computers when transferring data; https (“hypertext transfer protocol secure”) web sites use this technology. There are several algorithms that can be used to do the de/encryption. When a client computer contacts a server computer, ...