A serious exploit has been found by Google in their WebP code that assists in handling images on the Internet. This exploit is already being used by attackers to gain access to people’s computers and is a profoundly serious threat. The code is used in many applications and operating systems, including Windows, macOS, Linux, iOS and Android. It is used in all the common web browsers and a wide variety of other applications.
As this code is so extensively used, the full list of affected applications is yet to be determined but is known to include Microsoft Office, Libre Office, web browsers like Edge, Chrome, and Firefox, as well as security applications like 1Password, chat applications like Discord and a great many applications that allow images to be stored or uploaded into the cloud.
Taking proactive control of your IT security is more important than ever, and the UK government’s Cyber Essentials framework offers an excellent baseline for solid cyber security. It recommends the following important controls:
On all devices (desktops, laptops, servers, smartphones, tablets etc):
- Uninstall any applications that you no longer use or are no longer supported by the vendor
- Ensure your operating system and remaining applications are regularly patched up to date –check for new patches at least weekly, if not daily
- Ensure your operating system is one of the latest editions and fully supported
- Ensure that the user profile you use on a day-to-day basis does not have system administrator rights – administrator accounts should only be used temporarily whilst completing admin tasks
- Ensure that your computer is running anti-virus/malware software and that this is both active and up-to-date.
As a minimum practice, we also always recommend ensuring that all your data is backed up daily, preferably to cloud storage.
We have extensive experience implementing the Cyber Essentials framework – please contact us for more information on how we can help you implement it.
We are also able to offer remote monitoring and management including automated patching, as well as “all you can eat” support agreements.