Skip to main content
Monthly Archives

July 2017

||

Ransomware Aftershocks: August Third-Party Patch Update

By News, Patch ManagementNo Comments
[vc_single_image image=”12822″ img_size=”medium”]

Ransomware Aftershocks

Even after remediation, the effects of ransomware can still be felt. The feelings of security have been stripped away and replaced with a nauseating sensation of vulnerability.

A public TV and radio station in San Francisco, KQED, knows this feeling. After being infected with ransomware demanding 1.7 bitcoin per PC, the FBI advised wiping the infected computes.

Even a month after the attack, the station is still doing work to fix the affected machines. But what has also been a surprise is the damage was to more than just their data. The wireless network and email servers went down at their headquarters, so they moved operations to UC Hastings. It has interrupted all levels of work, from broadcast to hiring of new employees.

This radio station isn’t the only company reeling long after a ransomware attack. Fedex has been reported as saying that was affected by NotPetya and that some damage was permanent. It’s expected that this business interruption will create significant decreases in revenue.

[vc_single_image image=”12386″ img_size=”200×200″]

The most effective way to protect yourself and your business against disaster is keeping your systems up to date. Malware relies on the idea that people won’t keep their software 100% up to date. And for good reason, keeping everything updated can be a nightmare. But utilizing a solution like Syxsense can simplify everything. CMS can show you at a glance which devices have out of date software. You can then quickly build a task to deploy needed updates.

Come check out Syxsense with a free trial today!

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_separator]

Third-Party Updates

Every month we see a bevy of new third party updates, and are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include:

 

 

Product Category Patch
Chrome Web Browser Chrome_v59.0.3071.134
Wireshark Network Protocol Analyzer Wireshark_v2.4
Firefox Web Browser Firefox_v54.0.1
Glary Utilities PC cleanup Glary_v5.80.0.101
Trillian Instant Messenger Trillian_v6.0 Build 60
WinSCP SFTP, SCP, and FTP client for Windows WinSCP_v5.9.6
WinMerge Open source differencing and merging tool for windows. WinMerge_v2.14
MediaMonkey Media manager MediaMonkey_v4.1.17.1840
PuTTY SSH and Telnet for windows and unix. PuTTY_v0.70
Foobar2000 Audio Player Foobar2000_v1.3.16
Java Programming language Java_v8u141
KeePass Password Safe KeePass_v2.36
Foxit Reader PDF reader FoxitReader_v8.3.1
FileZilla FTP solution FileZilla_v3.27.0.1
Paint.net Image editing software Paint.net_v4.0.17
iTunes Media player iTunes_v12.6.2
Adobe Reader DC Pdf reader AdobeReaderDC_v17.009.20058
Shockwave Multimedia platform Shockwave_v12.2.9.199
Flash Multimedia platform Flash_v26.0.0.137
AIR Runtime Code Distribution AIRRuntime_v26.0.0.127

 

Patch Details
Chrome_v59.0.3071.134 Includes bug fixes, security updates, and feature enhancements.

 

Wireshark_v2.4 Large number of new and updated features. New and updated protocol support. Major API changes. New and updated capture file support.

 

Firefox_v54.0.1 Now uses multiple operating system processes for web page content to increase speed and stability. Fixes: Display issue of tab title. Display issue of opening new tab. Display issue when opening multiple tabs. Tab display issue when downloading files. PDF printing issue. Netflix issue on linu.

 

Glary_v5.80.0.101
Optimized Disk Cleaner: added support for ‘PerfectDisk 13.0’ and ‘Adobe Reader 7.0

Optimized Tracks Eraser: added support for ‘Nero Burning ROM 15’ and ‘AceHTML 6 Pro

Optimized Quick Search: optimized the path sorting algorithm, and speed up by 100%

Minor GUI improvements

Minor bug fixes

Trillian_v6.0 Build 60 Fixed:

Media: Media may not correctly send if DNS is incorrectly set up.

Message Window: History messages may incorrectly duplicate in the window from previous versions of Trillian.

 

WinSCP_v5.9.6 Hotfix. German translation updated.

·  Back-propagated some improvements and fixes from 5.10-5.10.2 beta releases:

  • SSH core and private key tools (PuTTYgen and Pageant) upgraded to PuTTY 0.69. It brings the following change:
    • WinSCP should work with MIT Kerberos again, after DLL hijacking defences broke it.
  • TLS/SSL core upgraded to OpenSSL 1.0.2l.
  • Allow using 64-bit version of PuTTY (and its tools), when available. 1522
  • XML parser upgraded to Expat 2.2.1.
  • Bug fix: Scripting open command without arguments issued irrelevant warning about use of stored site.
  • Bug fix: Generated code uses TransferOptions.Speed instead of TransferOptions.SpeedLimit. 1543
WinMerge_v2.14 Improvements

  • Improve startup time
  • Improve editing of linefilter regular expressions
  • Improve color options organization

Other changes

  • Update PCRE to version 8.10
  • Update SCEW to version 1.1.2
  • Add menuitems for selecting automatic or manual prediffing
  • Add accelerator keys for Shell context menu
  • Allow editing context line count in patch creator
  • Add /xq command line switch for closing WinMerge after identical files and not showing message
  • Allow setting codepage from command line
  • Allow giving encoding name as custom codepage
  • Add new options dialog panel for folder compare options
  • Add options GUI for quick compare limit
  • Write config log as UTF-8 file

Bugs fixed

  • Untranslated string (“Merge.rc:nnnn”) was displayed in status bar
  • Pane headers not updated after language change
  • Quick contents compare didn’t ignore EOL byte differences
  • Compare by size always checked file times too
  • Crash when pasting from clipboard
  • Keeps verifing path even turned off in options
  • Crash after deleting text
  • Added EOL chars between copied file/path names
  • Created new matching folder to wrong folder
  • Strange scrolling effect in location pane
  • Plugin error after interrupting folder compare
  • “+” and “-” from the number block don’t work in the editor
  • Date format did not respect Regional Settings
  • Shell extension used unquoted program path

New Translation

  • Basque

Translation updates

  • Hungarian
  • Turkish
  • Russian
  • Norwegian
  • Danish
  • Dutch
  • Slovenian
MediaMonkey_v4.1.17.1840 Various bug fixes and updates.

 

PuTTY_v0.70 Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory, even a name we missed when we thought we’d fixed this in 0.69. See vuln-indirect-dll-hijack-3.

Windows PuTTY should be able to print again, after our DLL hijacking defences broke that functionality.

Windows PuTTY should be able to accept keyboard input outside the current code page, after our DLL hijacking defences broke that too.

 

Foobar2000_v1.3.16 Fixed horrible, horrible bug with inverted checkmarks in advanced preferences at 150% text size.

Network streaming: added handlers for more HTTP redirect codes.

Fixed foobar2000 process not setting its working directory to its installation location on startup.

FLAC tagging fixes.

 

Java_v8u141 Fixing of bugs and updates to features.

 

KeePass_v2.36 New Features:

  • Added commands ‘Find Duplicate Passwords’ and ‘Find Similar Passwords’ (in ‘Edit’ -> ‘Show Entries’), which show entries that are using the same or similar passwords.
  • Added command ‘Password Quality Report’ (in ‘Edit’ -> ‘Show Entries’), which shows all entries and the estimated quality of their passwords.
  • Added option ‘String name’ in the ‘Edit’ -> ‘Find’ dialog (for searching entries that have a specific custom string field).
  • Added option for using a gray tray icon.
  • Added {CMD:/…/} placeholder, which runs a command line.
  • Added {T-CONV:/…/Raw/} placeholder, which inserts a text without encoding it for the current context.
  • Added optional ‘Last Password Modification Time (Based on History)’ entry list column.
  • The internal text editor now supports editing PS1 files.
  • The position and size of the internal data viewer is now remembered and restored.
  • For various dialogs, the maximized state is now remembered and restored.
  • Added configuration option for specifying an expiry date for master keys.
  • Added configuration option for specifying disallowed auto-type target windows.
  • Added workaround for Edge throwing away all keyboard input for a short time after its activation.
  • Added workaround for Mono not properly rendering bold and italic text in rich text boxes.
  • TrlUtil now performs a case-sensitive word validation.

Improvements:

  • The password input controls in the IO connection dialog and the proxy dialog now are secure edit controls.
  • The icon of the ‘Save’ command in the main menu is now grayed out when there are no database changes (like the toolbar button).
  • Auto-Type: improved support for target applications that redirect the focus immediately.
  • Auto-Type: improved compatibility with VMware vSphere client.
  • When an error occurs during auto-type, KeePass is now brought to the foreground before showing an error message box.
  • Entries in groups where searching is disabled (e.g. the recycle bin group) are now ignored by the commands that show expired entries.
  • Improved scrolling when moving entries while grouping in the entry list is on.
  • Improved support for right-to-left writing systems.
  • Improved application and system tray icon handling.
  • Updated low resolution ICO files (for Mono development).
  • Moved single-click tray icon action option from the ‘Integration’ tab to the ‘Interface’ tab of the options dialog.
  • Synchronization file path comparisons are case-insensitive now.
  • Improved workaround for Mono clipboard bug (improved performance and window detection; the workaround is now applied only if ‘xsel’ and ‘xdotool’ are installed).
  • Enhanced PrepMonoDev.sh script.
  • KPScript: times in group and entry lists now contain a time zone identifier (typically ‘Z’ for UTC).
  • Various code optimizations.
  • Minor other improvements.

Bugfixes:

  • The drop-down menu commands in the entry editing dialog for setting the expiry date now work as expected.

 

FoxitReader_v8.3.1 New Feature and Improvements:

Easy and Secure File-sharing

Provides a plugin to share your file by generating a file link and sending it via email or to social media, under your full control by advanced settings to share content quickly, easily, and securely.

Some ease of use enhancements.

 

Issues Addressed:

Fixed some issues that could cause Foxit Reader launch slowly.

Fixed some security and stability issues. Click here for details.

 

FileZilla_v3.27.0.1 Bugfixes and minor changes:

MSW: Add missing file to .zip binary package

MSW: Fix toolchain issues breaking the shell extension

 

Paint.net_v4.0.17
  • Added: “Fluid mouse input” option in Settings -> UI -> Troubleshooting. If you see major glitches while drawing, try disabling this.
  • Improved: Default brush size, font size, and corner radius size now scales with major DPI scaling levels (brush size of 2 at 100% scaling, brush size of 4 at 200% scaling, etc)
  • Improved: Default image size now scales with major DPI scaling levels (800×600 at 100%, 1600×1200 at 200%, etc.)
  • Improved performance and drawing latency by removing explicit calls to System.GC.Collect() except when low memory conditions are encountered
  • Improved performance by greatly reducing object allocation amplification by reducing the concurrency level when using ConcurrentDictionary, and by removing WeakReference allocations in favor of direct GCHandle usage
  • Improved: Performance and battery usage by ensuring animations always run at the monitor’s actual refresh rate
  • Improved (reduced) CPU usage when moving the mouse around the canvas
  • Removed: “Hold Ctrl to hide handle” from the Text tool because it was not useful and caused lots of confusion
  • Fixed: Various high-DPI fixes, including horrible looking mouse cursors caused by a bug in the latest .NET WinForms update
  • Fixed: Gradient tool no longer applies dithering “outside” of the gradient (in areas that should have a solid color)
  • Fixed: Very slow performance opening the Effects menu when lots of plugins are installed after installing the Windows 10 Creators Update
  • Fixed: When cropping and then performing an undo, the scroll position was totally wrong
  • Fixed a rendering glitch in the Save Configuration dialog (it would “wiggle”)
  • Fixed: At certain brush sizes, the brush indicator on the canvas had a visual glitch in it due to a bug in Direct2D
  • Fixed: Text tool buttons for Bold, Italics, Underline were not localized for a few languages
  • Fixed a rare crash in the taskbar thumbnails
  • Fixed: Drawing with an aliased brush and opaque color (alpha=255) sometimes resulted in non-opaque pixels due to a bug in Direct2D’s ID2D1RenderTarget::FillOpacityMask
  • Fixed: “Olden” effect should no longer cause crashes (it still has some rendering artifacts due to its multithreading problems, however)
iTunes_v12.6.2 This update is designed for high DPI displays so text and images appear sharper and clearer. It also includes minor app and performance improvements.

 

AdobeReaderDC_v17.009.20058 This release puts in place the infrastructure for simplifying the sign-in process within Acrobat & Reader. This enhancement will be rolled out for Acrobat and Reader users in near future.

 

Shockwave_v12.2.9.199 Fixes a critical memory corruption vulnerability that could lead to code execution.

 

Flash_ v26.0.0.137 These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

 

AIRRuntime_v26.0.0.127 These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

 

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
|

Adobe Issues Emergency Flash Update

By NewsNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

Don’t Hesitate: Update Flash Immediately

Adobe issued a security advisory update for Flash Player on Windows, Macintosh, Linux and Chrome OS. If you have Flash installed, update or remove Flash now.

The updates address critical vulnerabilities that could allow an attacker to access a vulnerable system, allowing a remote attacker to execute code on a user’s device and seize control over the device. Read the full security bulletin from Adobe here.

Although it is vital to have Flash’s global settings set to install updates automatically, security updates are not always available to you. A better option is to manage your updates and third-party patches with a solution like Syxsense.

Why is Adobe Flash Player a consistent target for hackers?

An extremely powerful and buggy program that binds itself to the browser, Flash is a favorite of attackers and malware. It is installed on endless number of devices and many people use it for Flash-based media such as online video content. Attackers frequently rely on people having Flash installed, making it an easy, accessible target.

The version of Adobe Flash Player currently installed on your computer is likely out-of-date. Users may have improperly configured updates or software updates when a new one is released. Massively used software that hasn’t been kept updated with the latest patches is a hacker’s favorite target.

Third-party software, such as Flash, tends to be left for last or forgotten about. This could pose a greater vulnerability to your systems.

With Syxsense, creating a strategic deployment is rapid, reliable, and stable. We have the leading library of third-party vendors and are always adding more based on customer recommendations.

[vc_single_image image=”12545″ img_size=”200×200 px”]
[vc_separator]

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
|

July Patch Tuesday: Check Your Pulse

By Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

How much did that sandwich really cost you?

On July 4, payment kiosk vendor Avanti Markets which installs self-service payment devices into corporate break rooms across America, suffered an embarrassing security breach.

According to investigator Brian Krebs who first reported the news, the systems of the company were infected by a malware that stole customer data including names, e-mail addresses, credit card accounts as well as biometric data.

Robert Brown, Director of Services said, “Attacks like this are evidence of the diversity used by attackers to collect both company and personal data. Any device with an operating system and software needs to be updated for compliance. Devices with outdated software or missing operating system updates are much easier to exploit, and in this case has the potential to expose millions of personal details including credit card information.”

The company admitted the breach and it is informing people that their data were exposed:

“On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets. Based on our investigation thus far, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks. Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected.”

Source: Avanti

[vc_single_image image=”12386″ img_size=”220×220 px”]

Mind the Gap!

Since the outbreak of WannaCry, NotPetya and other threats this year, have you wondered where the gaps in your security are? It may surprise you to learn this, but most IT professionals have an outdated view of their own security.

Many believe they will never be targeted, and that is a big problem. This leads to a lack of planning when they are exposed, and most likely leads to an extended loss of data or worse – paying the ransom, and possibly paying it with their jobs.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Simple steps can be implemented to protect your environment. It may also surprise you that attacks are currently exposing vulnerabilities which have been remediated by the vendor years and years ago, how can this be? Once again, IT professionals do not believe these old vulnerabilities will be used.

Industry experts believe that simply deploying your oldest missing updates can reduce your risk of exposure by 20 – 30%, which is staggering.

Robert Brown, Director of Services said:

“Our customers must know what operating system updates are missing and what software needs to be updated. Syxsense can help you to proactively identify the highest severity missing updates for both Microsoft, Linux along with third-party software. It’s simple to schedule with no visible end user disruption and easy to safeguard your environment. Don’t think you are secure, know you are secure.”

The human factor impacting IT Security

Employees hide IT security incidents in 40% of businesses, according to a new report from Kaspersky Lab and B2B International, “Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within.” With 46% of IT security incidents caused by employees each year, this business vulnerability must be addressed on many levels, not just through the IT security department.

Uninformed or careless employees are one of the most likely causes of a cybersecurity incident — second only to malware. While malware is becoming more sophisticated, the reality is that the human factor can pose an even greater danger. In particular, employee carelessness is one of the biggest chinks in corporate cybersecurity armor when it comes to targeted attacks, the IT security product firm says.

While advanced hackers might always use custom-made malware and hi-tech techniques to plan a heist, they will likely start with exploiting the easiest entry point – human nature.

[vc_single_image image=”12779″ img_size=”200×200 px”]

Microsoft Updates

We have chosen a few updates to prioritize this month, this recommendation has been made using evidence from industry experts (including our own), anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10.  Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.

CVE ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-8584 Microsoft Windows Hololens Arbitrary Code Execution Vulnerability 10 YES
CVE-2017-8589 Microsoft Windows Search Arbitrary Code Execution Vulnerability 10 YES
CVE-2017-8588 Microsoft Windows WordPad Arbitrary Code Execution Vulnerability 9.6 YES
CVE-2017-8590 Microsoft Windows Common Log File System Privilege Escalation Vulnerability 9.3 YES
CVE-2017-0243 Microsoft Office Remote Code Execution Vulnerability 7.8 YES
CVE-2017-8501 Microsoft Office Memory Corruption Vulnerability 7.8 YES
CVE-2017-8502 Microsoft Office Memory Corruption Vulnerability 7.8 YES
CVE-2017-8570 Microsoft Office Arbitrary Code Execution Vulnerability 7.8 YES

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]