Monthly Archives

October 2015


Cybersecurity Strategy Needs To Be More Dynamic


The digital world moves very fast, but a new survey claims that cybersecurity strategy does not move fast enough to keep up with threats — and experts tend to agree.

A new survey conducted by the SANS Institute and sponsored by Illumio Inc. broke down common attack vectors and pain points in cybersecurity strategy. Illumio’s takeaway was that cybersecurity needs to get more dynamic and adaptive. Experts tend to agree on that, but don’t agree on how to achieve adaptability.

The survey, The State of Dynamic Data Center and Cloud Security in the Modern Enterprise, polled 430 security and risk professionals across a range of business sizes and found that 44% of the respondents who had experienced a breach and were able to share their experience suffered the loss of sensitive data. Respondents also revealed that 63% had experienced at least one breach resulting in data loss over the past 24 months.


Illumio found that fears about attacks didn’t always match the reality of attacks. While 68% of respondents feared attacks that took advantage of access management vulnerabilities, only 18% blamed access management as the actual root cause of compromise in breaches.

While experts agreed that cybersecurity strategy needs to change in order to be faster, more dynamic and more adaptive, how to best do that was a point of disagreement.


Robert Brown, director of services for Verismic Software, advocated for increased use of cloud and subscription services.

“I have seen evidence of the vast infrastructure these companies use, like Dropbox and Office365, which have the crème de la crème of resources and technology working to keep your data and service as safe as possible. I’ll encourage everyone to use the cloud, and I see very little to sway me otherwise.”

Read the full article at techtarget.com

The Usual Suspects: October Patch Tuesday


Could this be Christmas come early this month?  Microsoft released a very light Patch Tuesday, quite possibly the smallest of the year so far. However, it’s still important to plan your repair strategy this month as there is far more than just Microsoft updates to worry about.

Microsoft’s release consists of 6 patch bulletins (3 critical and 3 important), which are reported to resolve a total of 33 individual vulnerabilities. The usual suspects of Windows, Internet Explorer, Office and Edge make up the usual offenders. More urgently, we have been made aware of a specific threat to Windows today with the publication of information about Dridex P2P malware by the United States Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This threat is actively targeting the banking industry by stealing bank credentials on unpatched systems.


You may imagine this kind of malware to be some sophisticated technology; however, it impacts the trusted Microsoft Office suite. Dridex is capable of stealing credentials, bank details and email addresses, and a system can be infected simply by opening an email attachment. We highly encourage all IT Security Administrators to make sure their staff know what to do with unsolicited emails: send such emails to the trash.

Be on the lookout for the latest updates of Google and Adobe products. These guys are resolving more than 90 combined vulnerabilities, almost beating Microsoft by triple this month. We recommend you pay particular attention to APSB15-24, an update for Adobe Acrobat and Adobe Reader that is documented as resolving a whopping 55 vulnerabilities.

All content from the following table will be added into the Syxsense subscription shortly. By combining the vendor severity, independent CVSS score and current exposure, we will be recommending that our patch management as a service (PMAAS) clients consider the following updates as a priority for their remediation cycle this month: MS15-106, MS15-108, MS15-109 and MS15-110. The most important update in this release, in our opinion, is MS15-106, due to the active exploits already being reported and its CVSS score of 9.3; it will likely impact our customers the most.

The independent CVSS scores range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are rated High, those in the range 4.0-6.9 Medium, and those in the range 0-3.9 Low.

| Patch Number | Executive Summary | Vulnerability Type | Vendor Severity | CVSS Score |
|---|---|---|---|---|
| MS15-106 | This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Remote Code Execution | Critical | 9.3 |
| MS15-108 | This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user and, if the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Remote Code Execution | Critical | 9.3 |
| MS15-109 | This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online. | Remote Code Execution | Critical | 9.3 |
| MS15-110 | This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Remote Code Execution | Important | 9.3 |
| MS15-111 | This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. | Elevation of Privilege | Important | 7.2 |
| MS15-107 | This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Information Disclosure | Important | 4.3 |

25 Executives Reveal the Things They do Every Day to Succeed


President and CEO, Ashley Leonard, discusses his daily habits

Examine the people running profitable companies and you’ll find leaders who often share one remarkable trait: consistency. Check out these quotes from 25 successful executives regarding the daily habits that help them get ahead in business and life.


1. Never waste a lunch.

“Since I eat every day it doesn’t make sense that I waste that time alone. I find that when my days are filled breaking bread with other owners, clients, key employees and close friends, not as many crises come up. Why? Maybe because most crises originate from our closest circles, or maybe I’m just better informed. Either way, it’s a smoother sail.”

–Charles Antis, CEO of Antis Roofing & Waterproofing, which serves more than 1,000 California communities.


2. Write one thank you note every day.

“Whether it’s to a customer, business partner, mentor or friend, it only takes five minutes and serves as a simple way to acknowledge the folks who have helped you, to memorialize and to be grateful for what has been accomplished. It’s also a great way to re-inspire yourself in the process. Showing gratitude is a forgotten practice in today’s world, but it goes a long way.”

–Anna Brockway, cofounder and Chief Curator of SF-based Chairish, a website and mobile app for buying and selling vintage and pre-owned furniture, decor, jewelry and accessories.


3. Be in the moment.

“Focus on one task or one meeting at a time. Otherwise, you’ll find your mind wandering and you might miss essential information, which can lead to poor business decisions.”

–Giovanni Marcantoni, founder and CEO of Social Leagues, which organizes and produces social sports leagues in New York, Baltimore, Denver, San Francisco and Charlestown, S.C.


4. Don’t hide in your office.

“Too many CEOs are separated from their businesses and their teams by taking the big corner office. I strongly believe that as a CEO I’m a more effective leader by being with my team. I hear more of what is going on. I am more approachable and I can address problems quicker by dumping the office and being with the team. Sure, you need to deal with sensitive meetings and calls sometimes, but all you need is a small meeting room.”

–Ashley Leonard, CEO of Verismic Software, an award-winning cloud-based IT management technology and green solutions company.

Read the full article at Inc.com


Verismic Enhances Award-Winning Syxsense


International Software Company Enables Greater Security, Inventory Change Tracking and Patching With Latest Updates to Its Innovative IT Management Solution

ALISO VIEJO, CA–(Marketwired – Oct 13, 2015) – Verismic, a global leader in cloud IT management technology and green solutions, today announced the launch of new features and updates to its award-winning Syxsense. CMS is a first-of-its-kind agentless, cloud-based IT management software that has revolutionized the way IT professionals engage in systems management. This updated version of Syxsense includes IT inventory change tracking, seamless patching and more.

“The latest updates allow us to provide our clients with visibility into their always changing IT environment, patch seamlessly, and more through CMS’ systems management capabilities,” says Verismic president and CEO, Ashley Leonard. “Our team is performing exceptionally well at identifying and implementing what our clients want and need.”


Verismic’s cloud-based IT management software is an easy-to-install and easy-to-use solution that is perfect for one-person IT shops, larger IT teams and Managed Service Providers. It is accessible from any supported web browser with no software to install.

Updates to CMS include:

  • Inventory history, which allows clients to compare the configuration of a machine over unique points in time to identify configuration problems, helping the helpdesk answer the question “What Changed” as well as addressing security issues — a feature that has been applied in advanced forensics cases to isolate security issues.
  • Office patching, which gives added support to Microsoft Office patches.
  • Client proxy support, which adds support for enhanced security between devices and the internet.
  • Remote control enhancement, which has increased speed, stability and reliability.
  • Power manager reporting, which continues to provide enterprises with cost and energy savings as one of the most awarded PC power management solutions.

CMS has been recognized with many honors since its launch in 2014, including a 2015 Cloud Computing Excellence Award by TMCnet’s Cloud Computing Magazine, Gold Winner for Most Innovative IT Software in the 10th Annual IT World Awards by Network Products Guide, the Top Innovator at the prestigious Association for Corporate Growth Awards and the Most Innovative Product at the Best in Biz 2014 awards.

For more information about Verismic’s innovative and award-winning Syxsense, visit www.syxsense.com.


Improving Energy Efficiency and Enterprise Security With Cloud-Enabled Technology


“There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.” – Ashley Leonard, President and CEO of Verismic Software

Several years before FBI Director James Comey made that bold, now infamous proclamation on CBS’s 60 Minutes, the National Science and Technology Council (NSTC) partnered with the National Science Foundation (NSF) to initiate a federal strategic plan for cybersecurity research and development.

In December 2011, the two organizations adopted a comprehensive agenda that aimed to minimize the corruptive use of cyber technology, improve education and training, and establish a science of cybersecurity.

Since then, however, the colossal numbers of data breaches among some of the country’s most respected retail chains have been mind-boggling. You name it — Target, K Mart, Michael’s, Neiman Marcus, Home Depot, Dairy Queen, Staples — leaks of customers’ personal data and the increased vulnerability of retail chain enterprise networks have quickly morphed into a fiscally precarious situation.


In July 2014, the U.S. Computer Emergency Readiness Team issued an advisory, stating that at least 1,000 businesses in the U.S. had been affected by Backoff malware, which targets the retail industry’s point-of-sale (POS) systems to mine customers’ personal and financial data. With POS checkout terminals, self-check units, PCs and back-office servers, retail companies encounter multiple attacks in stores and company headquarters every day, whether they know it or not.

From compromised credit card information, to sabotaged enterprise networks, security issues are rooted in a combination of challenging factors, including: a highly complex and distributed infrastructure of geographically dispersed stores, the use of public cloud storage, and a lack of on-premise IT professionals who can quickly respond to critical issues when they arise. Continually drawing against revenue, security concerns are forcing retail chain stores to spend millions to protect their networks, while searching elsewhere for solutions to cut costs without sacrificing quality.

Read the full article at chainstoreage.com.