The BSI report on IT security in Germany is alarming in its findings. In 2023, the Federal Office for Information Security reported an average of 68 new vulnerabilities in software products daily, totaling almost 25,000 new vulnerabilities annually. These security-related errors were found in various programs, from industry-specific applications to server software and smartphone apps. Almost 47 percent of these vulnerabilities allowed unauthorized commands or program code execution, putting users at risk of ransomware installation, security measure bypassing, access rights extension, and data theft or blackmail.
In August 2023, a security vulnerability was discovered in the popular Winrar program, allowing attackers to execute scripts on users’ computers. Win.rar GmbH released version 6.23 to fix the error, but many users may still be using vulnerable earlier versions. Other products using Winrar’s compression mechanism, like the Total Commander file manager, are also at risk.
VLC Media Player has had its share of security vulnerabilities, with issues discovered in the Linux version and critical security vulnerabilities affecting all users in 2022. Videolan has released version 3.0.20 to fix the problems.
Google Chrome had a vulnerability related to the Webp graphics format, which also affected many other applications. Patches have been available for browsers, but users need to update any software that can read Webp graphics to the latest version.
To protect against these vulnerabilities, users are advised to install available patches and new software versions as they become available, use a tool like Ucheck to check for updates regularly, employ a password manager, use two-factor authentication where possible, back up important data regularly, be wary of phishing emails, and verify the sources of emails from banks, streaming providers, and delivery services.
In November 2023, vulnerabilities were found in Foxit PDF Reader and Foxit PDF Editor, allowing for memory errors and execution of arbitrary malicious code. A new version has been released to address these issues.
Lastly, Microsoft’s new Outlook stores IMAP access data in the Microsoft cloud, potentially compromising email security. As Microsoft transitions users to the new Outlook, it is important to be aware of this change and its implications for email privacy.