Monthly Archives

March 2016

IT Forensics in the Cloud

In 2013, 7 percent of U.S. based organizations reported a loss of $1 million or more, while 19 percent of organizations in the U.S. reported a loss of $50,000 or more, all stemming from the mishandling of computer network information either intentionally by cyber criminals or inadvertently by unsuspecting employees. When this happens, IT security, managers and department staff are then left with the daunting task of locating the source of the problem, which is often time-consuming and costly, especially in instances where financial loss has occurred due to data breach or theft.

Certain cloud-based technologies streamline processes for IT departments that can prevent assets from being compromised, and aid in locating equipment or software issues in an efficient and cost-effective fashion. These cloud-based systems improve on the following factors that routinely plague IT departments:

1. Time-consuming software distribution.

2. Inadequate accounting systems for hardware and software equipment.

3. Incorrect updates to software and security patches.

4. Attempts to digitally disguise theft and data breaches.

Leading cloud-based IT solutions implement digital forensics in IT systems management in four areas for optimal benefits.

Automatic Software Installation

Unapproved software installs are extremely common, especially among businesses who have remote workers or employees. Anyone with administrative level privileges can install unauthorized software without approval.

New technologies enable IT managers to easily identify the installed software, when it was installed, and who signed in to the system to use the unauthorized software. Micro responders communicate with the cloud instance enabling IT managers to manage devices outside the network regardless of location.

Tracking Equipment Inventory

There are several reasons why equipment would not be in one central, physical location in an organization at a given time. Software and hardware equipment may be out for repair, or an employee could be working from home. If equipment is illegally obtained, it can be difficult for IT managers to know exactly where the equipment is and if it is in use.

With today’s leading cloud management solutions, IT managers are able to access information regarding when the software was last used, last seen, and which user accessed the software or equipment. Unique micro responders allow you to access the history of what’s happened in the system. This information directs IT managers to find the physical location of the equipment.

Patch Management

Installing or updating incorrect software can slow down a PC’s performance, making it difficult for users to complete tasks in a timely manner. This is one of the most common issues PC users face, and it ultimately leads to numerous calls to the IT department to determine what can be done to fix it. Typically, the conversation begins with, “My computer is running slow and I don’t know why.” Often, the customer will not recall who completed an incorrect software update or when this occurred. It’s a nuisance for a customer who has a full day of work-related tasks to try and remember the last time software was updated.

With cloud management solutions, the IT manager can easily and remotely remove an incorrect update without having to question the customer. Also, integrated cloud-based IT patch management systems allow for automated updates to software to help users avoid making an incorrect update in the future. This can virtually eliminate the software update as an issue if the customer calls again and says, “My computer is running slow and I don’t know why.”

IT Inventory and Reporting

Whenever a device’s disk encryption is altered for any reason, this can cause panic for IT managers and especially IT security managers. Encryption changes can be an attempt to cover up a data breach or can expose an organization’s data, risks that very quickly make it vulnerable to cyberattacks. IT departments need to have a system in place that is quick and discreet in order to limit any further loss.

With cloud management system-based forensics, users are able to locate who changed the disk encryption and secure any information that may be compromised by the data breach. This is a case where an ounce of prevention is worth a pound of the cure, and having a cloud-based IT management system already in place can prevent IT asset loss.

This article was originally featured on itbriefcase.net.

Out of Band Update for Flash

By James Rowney, Service Manager of Verismic Software

MS16-036 is a critical out of band update and resolves 20 vulnerabilities in Adobe Flash Player on all supported versions of Windows Server 2012, Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, and Windows 10. This bulletin addresses vulnerabilities by updating the Adobe Flash libraries contained within all supported versions of Internet Explorer and Microsoft Edge. We recommend that this update be installed with the highest priority.

A successful attacker can exploit these vulnerabilities to gain Remote Code Execution, giving them full access to the targeted device. The vulnerabilities can be exploited by redirecting users to malicious websites set up specifically for the attack using Search Engine Poisoning, by hacking legitimate websites, and by emailing documents (PDF, Word, etc.) containing malicious Flash content.

This update, in my opinion, should be a business’s highest priority and therefore should be deployed with the utmost urgency. Flash exploits are increasingly becoming the vulnerability of choice, and with the widespread use of the application, this means we are all exposed. My advice would be to uninstall Flash, Silverlight and Java browser extensions, and test to see if they are really necessary. Microsoft published on Monday, March 7 that 14 vulnerabilities would be released in this month’s Patch Tuesday updates, but only 13 made it through. MS16-036 was held back at the last minute due to the discovery of CVE-2016-1010. The zero-day vulnerability was discovered by Anton Ivanov of Kaspersky Labs, but no additional details have been released.

In an e-mail, a Kaspersky representative wrote: “Today Adobe released the security bulletin APSB16-08, crediting Kaspersky Lab for reporting CVE-2016-1010. The vulnerability could potentially allow an attacker to take control of the affected system. Kaspersky Lab researchers observed the usage of this vulnerability in a very limited number of targeted attacks. At this time, we do not have any additional details to share on these attacks as the investigation is still ongoing. Even though these attacks are rare, we recommend that everyone get the update from the Adobe site as soon as possible.”

Additional Information
If you need to install any language packs, this update will need to be reapplied afterward. Verismic Software advises that any pending language pack installs be applied prior to installing MS16-036.

Vulnerability Information
This security bulletin addresses the following vulnerabilities which are described in Adobe Security Bulletin APSB16-08: CVE-2015-8652, CVE-2015-8655, CVE-2015-8658, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1001, CVE-2016-1005, CVE-2016-1010.
Read the full article at appdevelopermagazine.com.

Why Software Patching Is Essential In Today’s World

By Robert Brown, Director of Services

A few years back, business came to a grinding halt for a European supermarket chain when it was infected with the Conficker virus. The virus caused the system to slowly use up all the system resources at more than 500 stores and 20,000 devices until they all stopped working, leaving all the company’s stores virtually in the dark. Worse, the virus was able to remain in memory and elude the incumbent antivirus solution, leaving the company with lasting effects from a very nasty virus.

An effective patch management process, in addition to antivirus solutions, can proactively close the holes that are so often used by hackers to gain access to data. While an antivirus solution will always be needed, patching is equally as important, if not more so.

Antivirus solutions don’t actually stop viruses from infecting your system; they merely clean them after delivery. In the supermarket example, contractors were hired to manually connect to each device and clean the virus using tools provided by its existing antivirus company. After more than 10,000 hours of overtime and countless hours of change management, the system was presumed clean of the virus.

But, they didn’t install the latest patches, so after all this, the company still wasn’t safe. One week later, the virus, still lurking in exposed areas of the system, spread through the system again. The company had to repeat the remediation process. This time, each system was patched to ensure the virus was properly held at bay.

Avoiding a doomsday scenario with proper patching

The first step in protecting a system is to set a strategy for regular and effective patching along with an antivirus protection plan. Guessing on timing or randomly downloading patches will result in bad, or ineffective, patching. Companies that do not have a fully supported patching policy often end up blaming the product for the problem. If they had deployed the patches with proper testing, they could have avoided this negative perception. Look for the right solutions partner or patch service to help you set up a regular patch policy and toolset that fits your company.

How to start patching effectively

There are a few steps to follow to get your company’s infrastructure to where it needs to be – safe from exposure and running as efficiently as it can:

1. Scan and identify missing updates, then rank them by risk. Be proactive. You want a safe environment and optimum performance with your machines; filling in the gaps of missing updates by maintaining patch policy will get you there. Start by scanning and identifying updates on endpoints. Your solutions partner can help you detect what is missing on what device, no matter where your endpoints are. Don’t leave out any devices under your Bring Your Own Device policy. Those users could unknowingly expose the company to exploitation and viruses. When they come back to the office, the infection spreads to the network and – boom – a cyber-attack happens.

To decide which patches to deploy first, rank them by severity and exposure. You can look to the Common Vulnerability Scoring System (CVSS), a free and open industry standard for assessing the severity of computer system security vulnerabilities, to help you determine which risks get patch priority. The Department of Homeland Security uses CVSS scores when reviewing specific risk to business structure and networks.

2. Test before deploying companywide. Before you set off into deploying patches, you’ll need a testing strategy. Not all patches are the right version for your devices and software. Identify those that most appropriately match, then make a few test runs to be sure all will run smoothly. First, don’t start with your own device; you’ll need it to correct any issues. Second, check to see if the patch has an uninstaller – one of the most important things in any testing strategy. If the patch has no method to uninstall, you have to do extra tests. Next, communicate that you’re about to update and give your coworkers the instructions they need to follow to ensure the patch is successfully deployed. Just to make sure it did, watch the installation run on a colleague’s machine. Finally, always test with an open mind. Take note of what happened, what failed, what needs to be tweaked. If you see a failure after deploying the patch, you should go back, uninstall the patch and reinstall it. Investigate if the issue is in the hardware, device or the software.

3. Schedule patch deployments to suit your business. Don’t wait until you have the IT hours to implement a round of patches. Set a specific day each week, or month at the least, to deploy any necessary patches and stick to it. Make this time a priority in order to save your company time and expense in correcting the problem after a breach has occurred.

4. Report any repair activity and patch deployment success. Reports that show any breakdowns and what was done to repair them are especially helpful in determining how the next patch will go. Reporting on your success has many benefits, too. You can show company leaders where you were, how dangerous things were, and let them see the success and increased security as each patch clears. Without the reports, you have no tangible evidence and return on investment. You and your team are doing a great job – reports can show measurable success and efficiency helping you get the recognition your team deserves for saving the company from risk and from financial inefficiencies.

5. Design an efficient remediation plan. If something goes wrong, you’ll need a remediation plan based on your reports. The reports will also guide you in providing repair information to help you complete change management.

Antivirus solutions alone will not protect you from a security breach. Adding an effective patch management strategy is the key to keeping your data and your company safe from cyberattacks and running efficiently. Avoid a doomsday scenario with proper patching, so your company won’t be left with a crippled infrastructure exposed to unnecessary risk.

Learn more about patch management with Syxsense.

This article was originally posted on Homeland Security Today.

Spring Forward to a New Browser

Spring is in the air and so are a number of bulletins! This month’s Patch Tuesday consists of 13 security bulletins – six critical and seven important – that remediate a total of 44 vulnerabilities. Although the number of security bulletins is one of the highest seen this year, the overall number of fixes remains relatively low. This is good news for organizations ramping up their business activities this spring.

One of the critical bulletins (MS16-023) resolves 13 vulnerabilities in Internet Explorer. Surprisingly, five resolve issues in Internet Explorer 9, which was scheduled to be decommissioned back in January. Organizations using a browser older than Internet Explorer 11 can breathe a sigh of relief as their browsers are updated for the second month in a row. Regardless of this update, it’s highly recommended to plan your migration to a new browser sooner rather than later.

In addition to the browser updates, there are five other Remote Code Execution Vulnerabilities and four Elevations of Privilege, which should be a priority. All 13 patches recommend a reboot to ensure the vulnerability has been remediated. Unfortunately, this will be a headache for your users.

Adobe to Release 6 Updates

February’s Microsoft updates contained a patch that specifically secures Flash within Microsoft Office. Adobe had its own updates for February in the release of APSB16-04 and will release six more updates with priority two classification this month.

As a point of interest, the vulnerabilities these updates address are not yet being exploited. Affected products targeted by these critical vulnerabilities include Acrobat DC and Acrobat Reader DC 15.010.20059, Acrobat and Acrobat Reader DC 15.006.30119, and Acrobat XI and Reader XI 11.0.14, along with earlier versions. Adobe is known for routinely sending patch updates to all its products, with most vulnerabilities being discovered in-house.

Near the end of 2015, Adobe released 70-plus patches between October and December. There were 77 released in December for Flash alone! They were all rated critical, and with the growing use of Flash by websites, this is a major concern for end users.

An article published in Security Week noted how Adobe released updates to patch a total of 460 vulnerabilities, which included more than 100 in Acrobat and Reader. The company fixed these with three security updates that were issued in May, July and October. Acrobat and Reader received security patches for 17 exploits, which also included memory corruption vulnerabilities. It seems obvious that these vulnerability numbers will only get higher. Hopefully, Adobe will soon provide a solution to combat this issue.

Verismic recommends that the following updates be prioritized this month, based on vendor severity and CVSS scores: MS16-023 through MS16-030, paying particular attention to MS16-023, which concerns Internet Explorer memory corruption.

MS16-023 resolves vulnerabilities in Internet Explorer. If exploited, this vulnerability could allow remote-code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If this vulnerability is exploited on an administrator’s machine, the attacker will be able to create spoof admin accounts, enabling him to take control of this system and others, removing AV protection and potentially stealing data.

The most severe of the vulnerabilities for MS16-024 could allow remote-code execution if a user views a specially crafted webpage using Microsoft Edge. It’s important to note that only Windows 10 is affected. This update resolves 11 vulnerabilities, the second highest in this baseline, and does require a reboot.

Exploiting MS16-025 could allow remote-code execution if Microsoft Windows fails to validate the input before loading certain libraries. However, this only impacts Windows Vista and Server 2008. This vulnerability is unlikely to reach mainstream companies.

MS16-026, MS16-027 and MS16-028 are similar in that they can be exploited only if an attacker convinces a user to open a specially crafted document. A restart is recommended to complete this update.

An attacker who successfully exploited MS16-029 or MS16-030 could run arbitrary code in the context of the current user. However, those accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.

MS16-031 resolves a vulnerability in Microsoft Windows. The vulnerability could allow Elevation of Privilege if attackers are able to log on and enter a target system and run a specially crafted application. A reboot is required to complete this update.

MS16-032 is marked as important and addresses an Elevation of Privilege in the secondary logon service, which affects all supported versions of Windows. The vulnerability can be exploited if the secondary logon service fails to manage memory requests correctly. A restart is recommended to complete this update.

MS16-033 resolves vulnerabilities involving external access devices, specifically specially crafted USBs. If inserted into a device, they could give the attacker elevated-privilege access to the system. This patch is rated important, and a restart is recommended to complete this update.

MS16-034 blocks Elevation of Privilege if an attacker logs into the system and runs a specially crafted application to attack Windows Kernel-Mode drivers. It is rated important, and a restart is required to complete this update.

MS16-035 marks the third month in a row that Microsoft has released a similar .Net Framework update. This vulnerability allows the security features of .Net to be bypassed using a specially crafted XML document and is marked as important. A restart is recommended to complete this update.

Read the full article at channelpartners.com.

Syxsense Launches New Feature: Remote Desktop Access for Mobile Workforces

International Software Company Adds Browser-Based Desktop Access to Agentless Platform

ALISO VIEJO, CA–(Marketwired – Mar 21, 2016) – Verismic Software, the creators of the award-winning, agentless, cloud-based IT management software solution, Syxsense, today announced Remote Desktop Access as an added feature to its signature product. The new offering provides swift, secure, and comprehensive access to the user’s work computer through any browser. Recent winners of TMC’s Cloud Computing Product of the Year Award, CMS continues to drive innovation with its offerings.

“Remote Desktop Access increases mobility and flexibility for end users,” says Verismic president and CEO, Ashley Leonard. “With many companies prohibited from providing laptops to all users, we believed it was important to allow access to endpoints away from the office.”

Remote Desktop Access drives efficiency for end users with worldwide access to endpoints through any Internet browser. CMS continues delivering comprehensive endpoint management for IT professionals and end users alike.

“Many of today’s businesses don’t operate in a confined space,” says Leonard. “They have offices overseas, roaming users or individuals who are unable to make it to the office that day. Providing agentless access to work consoles from any Internet browser boosts productivity and control across the entire environment.”

Critical components of Remote Desktop Access include:

  • Accessibility. No software needed to connect to endpoints, just a simple browser — using HTML5
  • Security. Superior protection, enhanced with a hardened password
  • Swift. Accesses work computers, including documents
  • Compatibility. Works with tablets and mobile devices

Syxsense allows small and large IT teams, as well as MSPs, to manage devices inside and outside their network from the cloud without needing to deploy an agent. Remote Desktop Access further complements CMS by enabling individuals to access their work computers and retrieve documents through any browser.

Learn more about Remote Desktop Access and its benefits here.

For a product demonstration or more information on Syxsense, visit www.syxsense.com.

About Verismic: Verismic Software, Inc. is a global industry leader providing cloud-based IT management technology focused on enabling greater efficiency, cost-savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Over the past two years, Verismic has worked with more than 150 companies ranging from 30 to 35,000 endpoints delivering a variety of solutions for organizations of all sizes as well as managed service providers (MSPs). Verismic’s software portfolio includes the first-of-its-kind agentless, Syxsense; Power Manager; Software Packaging and Password Reset. For more information, visit www.verismic.com.

March Patch Tuesday Closes Holes in Internet Explorer, Edge Browsers

Despite ending support for Internet Explorer 9 in January, Microsoft continued to issue patches.

Microsoft released 13 bulletins, including five critical updates to address remote code execution vulnerabilities, for March Patch Tuesday.

Both Internet Explorer (IE) and Microsoft Edge browsers received critical cumulative security updates that addressed remote code execution (RCE) vulnerabilities. MS16-023 resolves 13 vulnerabilities in IE that could give an attacker the same user rights as the current user and could allow the attacker to take control of the affected system.

Of the 13 vulnerabilities MS16-023 addresses, five are for IE 9, which was supposed to be decommissioned in January.

“[MS16-023] actually replaces MS16-009 from the last baseline. MS16-009 was the very first patch that included support for IE9 after they officially depreciated the support,” said Robert Brown, director of services for Verismic Software. “So a lot of our customers are very happy because they are not ready to upgrade Internet Explorer 9 yet.”

The second critical cumulative security update, MS16-024, resolves 11 vulnerabilities in the Edge browser that could give an attacker the same rights as the current user.

Both browsers have received cumulative security updates every month since September 2015. “Because the Web gets more complicated and because it is always changing, it makes it very challenging to patch,” said Wolfgang Kandek, CTO for security vendor Qualys Inc., in Redwood City, Calif. “At this point, it is a certainty that the browsers will get an update every month.”

Some vulnerabilities rated more urgent

Microsoft has its scoring system, but it doesn’t always recognize the severity of its vulnerabilities correctly, said Brown. Its ratings are not always in alignment with the Common Vulnerability Scoring System (CVSS), an open industry standard for assessing the severity of a security vulnerability on a scale of 0 to 10. MS16-023 has a CVSS of 9.3 and is rated as critical by Microsoft, but MS16-025 has the same CVSS and is only rated important.

Some security analysts feel this important bulletin should be at the top of a Windows Server administrator’s to-do list because “that’s a vulnerability in the Windows library that will affect Windows Server systems, even if no one is logged into it,” said Brown.

MS16-025 could allow an intruder to perform RCE through a vulnerability in the Microsoft Windows library for systems running Windows Vista and Windows Server 2008. The attacker would first need to get behind a system’s defenses to execute this attack.

Although Microsoft rated the updates for IE and Edge as critical, they did not receive the highest priority for the Windows Server operating system, said Brown.

“It’s very unlikely that anyone is using Internet Explorer on a server,” he said. “Usually servers are running in the background and don’t have an active user [on them].”

Read the full article at techtarget.com.
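
The ranking by severity and exposure described in the patching steps earlier on this page, combined with the CVSS-versus-vendor-rating and server-versus-workstation points above, as an added example that is not code from the original articles or from Verismic. The CVSS values and ratings for MS16-023 and MS16-025 are the ones quoted above; the endpoint inventory, the `EXAMPLE-001` and `UNKNOWN-XYZ` ids, and the 0.5 discount for user-interaction bugs on servers are assumptions constructed for illustration.

```python
from typing import NamedTuple


class Bulletin(NamedTuple):
    bulletin_id: str
    vendor_rating: str       # vendor label: "critical", "important", ...
    cvss: float              # CVSS score, 0-10
    needs_user_action: bool  # exploitation needs a user to browse or open content


class Endpoint(NamedTuple):
    name: str
    role: str                # "workstation" or "server"
    missing: frozenset       # bulletin ids the scan reported as missing


# Scores and ratings for MS16-023 / MS16-025 are those quoted on this page.
# EXAMPLE-001 is a constructed placeholder, not a real bulletin.
BULLETINS = [
    Bulletin("MS16-023", "critical", 9.3, True),    # IE: user views a crafted page
    Bulletin("MS16-025", "important", 9.3, False),  # Windows library loading
    Bulletin("EXAMPLE-001", "important", 4.3, True),
]

# Constructed scan results (hypothetical host names).
ENDPOINTS = [
    Endpoint("ws-01", "workstation", frozenset({"MS16-023", "EXAMPLE-001"})),
    Endpoint("ws-02", "workstation", frozenset({"MS16-023"})),
    Endpoint("srv-01", "server", frozenset({"MS16-023", "MS16-025"})),
    Endpoint("srv-02", "server", frozenset({"MS16-025", "UNKNOWN-XYZ"})),
]


def underrated(bulletins):
    """Ids whose vendor label is below 'critical' although their CVSS score is
    at least that of some bulletin the vendor did label critical."""
    critical_scores = [b.cvss for b in bulletins if b.vendor_rating == "critical"]
    if not critical_scores:
        return set()
    floor = min(critical_scores)
    return {b.bulletin_id for b in bulletins
            if b.vendor_rating != "critical" and b.cvss >= floor}


def rank_for_role(bulletins, endpoints, role, user_action_discount=0.5):
    """Return [(bulletin_id, score, exposed_count)] for one role, highest first.

    score is the CVSS value, discounted (assumed factor) on servers when the
    bug needs an interactive user; exposed_count breaks ties.
    """
    rows = []
    for b in bulletins:
        exposed = [e for e in endpoints
                   if e.role == role and b.bulletin_id in e.missing]
        if not exposed:
            continue  # nothing of this role is missing the patch
        score = b.cvss
        if role == "server" and b.needs_user_action:
            score *= user_action_discount
        rows.append((b.bulletin_id, round(score, 2), len(exposed)))
    rows.sort(key=lambda r: (-r[1], -r[2], r[0]))
    return rows


def unknown_missing(bulletins, endpoints):
    """Map endpoint name -> missing ids absent from the catalogue, so they are
    triaged by hand instead of silently dropping out of the ranking."""
    known = {b.bulletin_id for b in bulletins}
    gaps = {}
    for e in endpoints:
        extra = set(e.missing) - known
        if extra:
            gaps[e.name] = extra
    return gaps


if __name__ == "__main__":
    for role in ("workstation", "server"):
        print(role, rank_for_role(BULLETINS, ENDPOINTS, role))
    print("review vendor rating:", sorted(underrated(BULLETINS)))
    print("not in catalogue:", unknown_missing(BULLETINS, ENDPOINTS))
```

On the constructed inventory, MS16-025 ranks first for servers while MS16-023 ranks first for workstations, and MS16-025 is flagged for a second look at its vendor rating.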

Verismic Software Hires New Product Manager

ALISO VIEJO, CA–(Marketwired – Mar 7, 2016) – Verismic Software, a global innovator of cloud-based IT management technology and green solutions, is expanding its pool of talent with the announcement of recent hire, Diane Rogers, as its new product manager.

With over 20 years of marketing and technology leadership at notable industry names: Borland International and Macromedia (now Adobe), Rogers brings extensive technical knowledge and management savvy to an organization extending its global footprint in cloud management technology services.

“What attracted me to Verismic is its position in the high growth IT solutions market, combined with a brilliant and unique product architecture,” says Rogers. “Seldom do you get the opportunity to join an innovative startup that also has more than 25 years of industry experience.”

In her position as product manager, Rogers will act as a liaison between Verismic’s engineering and sales departments, and the firm’s clientele.

“My number one priority is ensuring Syxsense meets the customer’s needs, and exceeds their expectations,” she says.

Rogers has a proven record of delivering outstanding performance in product releases including: Flash, Dreamweaver, dBase, C++, Shockwave, and Freehand. Additionally, her team lead role in the establishment of Shockwave.com, the online gaming hub, demonstrates that her skillset is a perfect fit for Verismic, which prides itself on furnishing its customers with premier technology offerings.

“We could not be more excited to have Diane join our exceptional team,” says Verismic president and CEO Ashley Leonard. “When you look at the quality organizations she was involved with, and the innovative systems she has managed and launched, there is no doubt we have added a superior asset to our dynamic brand.”

Rogers’ wealth of experience incorporates strong ties to Silicon Valley, and she has worked with industry legends: Apple’s late visionary, Steve Jobs, C# architect Anders Hejlsberg, and technology entrepreneur Phillipe Kahn. Her impressive resume includes a position as vice president of product management and marketing at Macromedia. She has also tested her own entrepreneurial energy underscoring an attribute of creativity and passion that Verismic desires. A graduate of the University of California, Berkeley, with a bachelor’s degree in law and legal studies, Rogers is looking forward to her opportunity at Verismic.

“It was a privilege to work on projects with some of the luminaries in our business,” says Rogers. “Now, I look forward to translating what I’ve taken from each of these positions to phenomenal success at Verismic.”

About Verismic: Verismic Software, Inc. is a global industry leader providing cloud-based IT management technology and green solutions focused on enabling greater efficiency, cost-savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Over the past two years, Verismic has worked with more than 150 companies ranging from 30 to 35,000 endpoints delivering a variety of solutions for organizations of all sizes as well as managed service providers (MSPs). Verismic’s software portfolio includes the first-of-its-kind agentless, Syxsense; Power Manager; Software Packaging and Password Reset. For more information, visit www.verismic.com.