7 vulnerabilities/groups of vulnerabilities can greatly affect Vietnamese users

According to the National Cyber ​​Security Monitoring Center – Department of Information Security, Ministry of Information and Communications, in the week from May 29 to June 4, 2023, international organizations have announced and updated the following information: update at least 668 vulnerabilities, of which 144 are High, 97 are Medium, 01 are Low, and 426 are unrated. Among them, there are at least 74 vulnerabilities that allow the insertion and execution of code.

The technical system of the Department of Information Security actively scans Vietnam’s cyberspace, assessing and statistics show that there are 07 vulnerabilities/groups of vulnerabilities on popular IT products and services, which can have a great impact. to users in Vietnam: Group of 19 vulnerabilities in Microsoft, Group of 07 vulnerabilities in Linux, Group of 07 vulnerabilities in Dell, Group of 96 vulnerabilities in WordPress, Group of 13 vulnerabilities in Huawei, Group of 03 vulnerabilities in Samsung Galaxy Store , Group 09 vulnerabilities in IBM.

Last week in Vietnam, there were many servers and devices that could become a source of DRDoS attacks. During the week there were 52,453, (up from the previous week 51,601) devices that are likely to be mobilized and become a source of DRDoS attacks. These devices are open using NTP (123), DNS (53), Chargen (19) services.

During the week, there were 463 cases of attacks on Vietnamese websites/portals: 450 cases of phishing attacks, 13 cases of malicious code attacks.

In the world, there are many websites that fake large organizations, businesses, suppliers and services such as: Social networks, banks, email… Vietnam has many users of these services. Foreign applications (both free and paid) such as social networks, Payment, Apple, Paypal … so users need to be very wary of fake websites to steal accounts.

According to statistics, during the week, there were 288 cases of fraud reported by Vietnamese Internet users to the National Cyber ​​Security Monitoring Center (NCSC) via the system at https://canhbao .khonggianmang.vn. Through inspection and analysis, there are many cases of frauds impersonating banks’ websites, e-commerce sites, etc.

According to the National Cyber ​​Security Monitoring Center, with the mentioned risks and warnings, units need to regularly update information (such as attack campaigns of APT groups, information IoC attached to each campaign, weaknesses and vulnerabilities being exploited to exploit, …), review on information systems to detect, prevent, and handle timely.

For the weaknesses and vulnerabilities in the Security Vulnerability section, the unit should pay attention to monitor and update patches for vulnerabilities related to the product in use. In addition, those units that already have an account on the “Automatic Vulnerability and Vulnerability Warning System” at https://service.khonggianmang.vn , the administrator can add products. are using to monitor and receive alerts as soon as new vulnerabilities arise.

For the risks of denial of service attacks, web attacks in the Risk Statistics section, attacks in Vietnam, the unit needs to review and minimize the opening of service ports that can be hacked. used to perform denial of service attacks; regularly check and review web servers to promptly detect and handle the risk of attacks.

In addition, for the IPs/domains mentioned in the List of malicious IPs/domains that have many connections from Vietnam, it is necessary to check and handle devices in the entire network if there are signs. signals connecting to malicious domains that the Department of Information Security has shared.

For fake websites that are warned of the risk of phishing attacks on Vietnamese users, units need to pay attention not to access the mentioned websites to avoid the risk of phishing attacks, improve Be aware of yourself and educate your friends, relatives and people around you to avoid falling victim to these phishing attacks.