Monthly Archives

January 2017

The Best of 2016: Our Year in Review


Our Year In Review

2016 was a big year for Syxsense. As a company, we are constantly growing, adding new features and always focused on our customers.

IT systems management is frequently changing and it’s crucial to keep up with the latest news, strategies and updates. Every month, we share the latest Microsoft and third-party patches, explaining which to prioritize and how to implement the most effective patch strategy.

With plenty of changes on the way for 2017, be sure to stay on top of patching and IT systems management in the new year. Even when other tasks fill up your to-do list and seem more important, prioritizing patching is the best New Year’s resolution for any IT manager. Explore the highlights and some of our favorite content from the past year.


Patch Tuesday: January Patches Bring February Headaches


New year, new steer for Microsoft patching professionals

Microsoft has released four bulletins in total, of which two are rated Critical and two are rated Important. Last week, they released 22 non-security KB updates for Office 2013/2016 and an update for Word Viewer.

Overall, this is a fairly uneventful release for the first month of 2017, with Microsoft seemingly winding down in preparation for the newly launched Security Updates Guide database, which will become the monthly Patch Tuesday resource as of next month.

This move on the face of things looks like a good idea, but how will this be perceived by businesses that are used to choosing their updates? This new practice changes the way information is referenced and will most certainly cause a headache for IT administrators who will have to rethink their whole patch management procedure.

James Rowney, Service Manager for Verismic said, “When I first read about this last year, I couldn’t believe that Microsoft were taking such a valiant step towards forcing updates. This really feels like Microsoft is taking an intermediary step towards mimicking the Apple approach of just applying updates / patches without notification. While this approach does seem to work for Apple I am not so sure that Microsoft has an OS stable enough to follow this practice just yet.”

Chrome coming into its own

Google announced at the end of 2016 that Chrome would mark a web page as not secure if the page is not served over HTTPS and collects personal data such as login details or financial input fields. These changes apply only from Chrome version 56 onwards, so we can expect them to take effect gradually as browsers update, rather than at the flick of a switch.

These changes go hand in hand with Google’s plan to encourage its users to adopt secure login methods. There are obvious pitfalls here: HTTPS by itself doesn’t keep certificates or TLS libraries up to date, and webmasters could also see negative movement on their Google rankings. However, this is generally a positive step forward.

Google recently announced that they hit a milestone where more than 50% of their desktop pages now load over HTTPS. Further information and the official notification can be referenced here.


Microsoft Updates

To help your IT Security Officers, we have chosen one update from this Patch Tuesday to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and most importantly the independent CVSS score for the vulnerability.

MS17-003 – A latecomer to this month’s releases is this security update to Adobe Flash Player. Research indicates that this could have been a Zero Day release later in the week, and it affects all supported versions of Windows. The urgency to get this out shows the importance of this update; we recommend that this patch is rolled out with high priority at your earliest convenience.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are rated High, those in the range 4.0-6.9 Medium, and those in the range 0-3.9 Low.

| Bulletin ID | Description | Impact | Restart Requirement | Severity | CVSS Score |
|---|---|---|---|---|---|
| MS17-001 | Security Update for Microsoft Edge (3199709). This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges. | Elevation of Privilege | Requires restart | Important | 6.1 |
| MS17-002 | Security Update for Microsoft Office (3214291). This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Remote Code Execution | May require restart | Critical | 7.8 |
| MS17-003 | Security Update for Adobe Flash Player (3214628). This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. | Remote Code Execution | May require restart | Critical | 9.3 |
| MS17-004 | Security Update for Local Security Authority Subsystem Service (3216771). A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system’s LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. | Remote Code Execution | Denial of Service | Important | 7.5 |

2016: The Year of Ransomware


Rise of the Cybercriminal

Ever watch the end of year “World’s dumbest criminals?” You know the ones: the handsome gentleman caught on camera robbing a convenience store while his sidekick fills out a lottery form complete with name and address.

Unfortunately, cybercriminals aren’t quite so easy to catch. With ransomware incomes hitting almost $1 billion in 2016, what you can expect in 2017 is continued reinvention and more growth in the world of cybercrime.

Kaspersky declared 2016 to be the year of ransomware. This financial malware victimizes users and forces them to pay significant amounts of money to release systems from a locked state. Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than in the same quarter of the prior year. Hardly a day goes by without a new ransomware attack or variant making headlines. Witness just a few of the attacks in 2016:

  • In October, San Francisco public transportation ticketing machines and transit stations were taken offline.
  • Hollywood Presbyterian Medical Center in Los Angeles had its ambulances diverted and access to medical records, x-rays, and CT scans denied.
  • Madison County, Indiana, suffered a widespread ransomware attack that shut down virtually all county services.
  • In May, the University of Calgary was attacked by ransomware that locked staff, students and faculty out of their emails.

If anything, cybercriminals are getting smarter. In late December 2016, federal prosecutors charged hackers with insider trading. Using data garnered from the computer systems of U.S. law firms that handle mergers, hackers manipulated the stock market to generate more than $4 million in illegal profits.

Many cyber-attacks could be avoided if IT departments adopted a regular patch-deployment process. What difference can a small patch make? What was once a small crack in defenses transforms into computer crashes, data leaks, and corruption. Zero-day attacks are cyber-attacks against software flaws that are previously unknown.

The wily hacker searches for and ultimately finds an error, a loophole, made by the programmer. Whether the programmer worked on the Windows operating system, your internet browser, Flash, or the myriad of other programs you rely on every day, coders are bound to make mistakes. Criminals love it. Zero-day loopholes exploit that human error.


Because they rely on known entities like malware signatures or URL reputation, standard organizational defenses like virus protection or firewalls are powerless against zero-day threats.

The cybercriminal leverages the unknown and uses the time between when the loophole is found and when the leak is patched to do as much irreparable damage as possible.

Usually, these types of threats are possible only with some end-user permission, such as clicking OK or downloading a file. In 2016, Adobe announced a bug that affected customers by exploiting a vulnerability in a browser’s Flash plug-in. In this case, infection occurred by simply looking at an infected Web page. Breathing easy because you don’t use Windows? Don’t. Updates are required for OS X and Linux operating systems, too.

Terrifying to think a single employee could click a link, access a website, or download software and expose the entire organization to risk.

Among the predictions for next year from an Intel Security McAfee Labs report are an increase in attempted dronejackings, more intrusive mobile phone hackings and malware aimed at exploiting the Internet of Things. Hackers will become increasingly adept at bypassing existing corporate defenses, and ransomware remains a top concern. Other threats growing in 2017?

  • Watering hole attacks, laser-focused attacks on high-value targets
  • Class action lawsuits against companies that fail to protect customers’ personal data
  • Distributed Denial of Service (DDoS) attacks like the ones that temporarily took down Amazon, Twitter, Netflix and others

In its fourth annual “Data Breach Industry Forecast” white paper, security company Experian says it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. “While some tried and true attacks continue to serve as go-to methods for hackers, there are evolving tools and targets that are likely to become front-page news in 2017. Organizations can’t wait until an attack happens to ensure they are protected—they need to look at the signs early on to start preparing for new types of security threats,” the report said.

With the 2017 onslaught of vulnerabilities, you’ll need a wall of defenses, combating attacks on multiple fronts. Patch and keep operating systems, antivirus, browsers, Adobe Flash Player, QuickTime, Java, and other software up to date. According to a Barkly study, common security safeguards including email filtering, firewalls, and antivirus aren’t enough to stop cybercriminals. They found 95 percent of ransomware attacks can bypass firewalls, and 100 percent bypassed antivirus protection. Be sure to double down on protection in 2017. Are you using an automated patch management system? Do you have an organized method of discovering, evaluating, and deploying software updates?

What’s one guaranteed prediction for 2017? Programmers will keep making small mistakes, and hackers will continue to turn them into big profits. Someone ends up the victim; don’t let it be your business.