Monthly Archives

August 2017


Chrome Compromised: September Third-Party Patch Update

By Patch Management


1 Million Targeted by Chrome Extension Hack

Even experts aren't exempt from deceptive phishing attacks. The developers of several popular extensions are reported to have had their Google account credentials stolen through phishing emails impersonating Google.

It's the second time in a week that Chrome users have been targeted by extension hijacks. The first involved an extension called CopyFish with around 30,000 installs. That attack may have been a test of how many fraudulent ad views could be pushed through before Google intervened and returned control of the extension to its rightful owners.

Extensions reported so far:

  • Web Developer version 0.4.9
  • Chrometana version 1.1.3
  • Infinity New Tab version 3.12.3
  • CopyFish version 2.8.5
  • Web Paint version 1.2.1
  • Social Fixer 20.1.1
  • TouchVPN
  • Betternet VPN

Once the attackers had access to the developers' accounts, they pushed modified versions of the extensions to the Chrome Web Store, and Chrome's automatic extension updates delivered the malicious code to existing users. The injected code gave the attackers control over what the victim's browser loaded, which was used to serve fraudulent ads and, where the victim had a Cloudflare account, to steal those credentials.

It's important to keep browsers and extensions up to date, and to review an extension's publisher, requested permissions and update history before installing it. Because a hijacked update arrives through the same trusted channel as a legitimate one, an inventory of installed extension versions is the only reliable way to know whether an affected build reached your endpoints.
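The following is an added example, not code from the original post or from Syxsense, that performs that inventory on a Chrome profile directory: it walks Chrome's per-profile Extensions folder, resolves localized extension names through each extension's messages.json, and flags any install whose name and version match the list above (the two VPN extensions, for which the page gives no version, are reported for review). It assumes the standard Chrome on Windows path under %LOCALAPPDATA% and that the names on the page match the manifest names exactly; the sample profile it scans is constructed inline.

```python
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, FrozenSet, List, NamedTuple

# Per-profile extension store for Chrome on Windows; other profiles sit beside "Default".
DEFAULT_EXT_DIR = (Path(os.environ.get("LOCALAPPDATA", ".")) / "Google" / "Chrome"
                   / "User Data" / "Default" / "Extensions")

# Names (lower-cased) and versions reported as hijacked on this page. An empty set means the
# page gave no version, so every installed copy of that extension is reported for review.
WATCHLIST: Dict[str, FrozenSet[str]] = {
    "web developer": frozenset({"0.4.9"}),
    "chrometana": frozenset({"1.1.3"}),
    "infinity new tab": frozenset({"3.12.3"}),
    "copyfish": frozenset({"2.8.5"}),
    "web paint": frozenset({"1.2.1"}),
    "social fixer": frozenset({"20.1.1"}),
    "touchvpn": frozenset(),
    "betternet vpn": frozenset(),
}


class Finding(NamedTuple):
    ext_id: str
    name: str
    version: str
    reason: str


def resolve_name(ext_dir: Path, manifest: dict) -> str:
    """Expand a '__MSG_key__' name through _locales/<default_locale>/messages.json."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2]
        msg_file = ext_dir / "_locales" / str(manifest.get("default_locale", "en")) / "messages.json"
        try:
            name = json.loads(msg_file.read_text(encoding="utf-8"))[key]["message"]
        except (OSError, KeyError, TypeError, ValueError):
            pass  # an unresolved placeholder simply will not match the watchlist
    return name


def scan_extensions(root: Path, watchlist: Dict[str, FrozenSet[str]] = WATCHLIST) -> List[Finding]:
    """Walk <root>/<extension id>/<version>_<n>/manifest.json and report watchlisted installs."""
    findings: List[Finding] = []
    for manifest_path in sorted(root.glob("*/*/manifest.json")):
        ext_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        name = resolve_name(ext_dir, manifest)
        version = str(manifest.get("version", ""))
        bad_versions = watchlist.get(name.lower())
        if bad_versions is None:
            continue
        if not bad_versions:
            findings.append(Finding(ext_dir.parent.name, name, version, "listed without a version; review"))
        elif version in bad_versions:
            findings.append(Finding(ext_dir.parent.name, name, version, "known hijacked build"))
    return findings


def build_sample_tree(base: Path) -> Path:
    """Constructed profile (not a real capture): a hijacked and a fixed Web Developer build,
    Web Paint, a VPN the page lists without a version, and an unrelated extension."""
    root = base / "Extensions"

    def add(ext_id: str, manifest: dict, messages: dict = None) -> None:
        ext_dir = root / ext_id / f"{manifest['version']}_0"
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        if messages:
            loc = ext_dir / "_locales" / manifest["default_locale"]
            loc.mkdir(parents=True)
            (loc / "messages.json").write_text(json.dumps(messages), encoding="utf-8")

    add("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
        {"name": "__MSG_extName__", "version": "0.4.9", "default_locale": "en"},
        {"extName": {"message": "Web Developer"}})
    add("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {"name": "Web Developer", "version": "0.5.0"})
    add("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", {"name": "Web Paint", "version": "1.2.1"})
    add("cccccccccccccccccccccccccccccccc", {"name": "Betternet VPN", "version": "1.0.0"})
    add("dddddddddddddddddddddddddddddddd", {"name": "Unrelated Notes", "version": "3.0.0"})
    return root


def demo_scan() -> List[Finding]:
    """Build the constructed profile in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_extensions(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for finding in demo_scan():
        print(finding)
    # On a real endpoint: for finding in scan_extensions(DEFAULT_EXT_DIR): print(finding)
```

Run it per user profile; Chrome keeps one Extensions folder per profile, so a machine with several profiles needs several passes. Exact name matching is deliberate: a substring match on "Web Developer" would also flag unrelated extensions with similar titles, so verify the store titles before widening the match.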

The Source of NotPetya

Shortly after the NotPetya outbreak, several researchers pointed at M.E.Doc, a widely used Ukrainian accounting package, as the initial source. The vendor's update infrastructure had been compromised, and a backdoored update delivered NotPetya to customers, from where it spread across their networks. This sort of event is known as a 'supply chain attack'.


The compromise of a software distribution channel is extremely dangerous for businesses: malicious code can reach every device that the hijacked distribution software manages, and it arrives looking like a legitimate update. How do you prevent such a disaster? One step is to require two-factor authentication for every login to your IT management and software distribution tooling, so that a phished password alone is not enough to push code to your endpoints.

Don't leave a system that can push code to your entire environment protected by a password alone.


Third-Party Updates

Every month we see a bevy of new third-party updates, and we are always enhancing our library of supported vendors. Special requests and additions are welcome. This month's releases are listed below (vendor | category | product: version | release notes):

Adobe | Media Software | Flash Player: 26.0.0.151 and AIR: 26.0.0.127 | https://helpx.adobe.com/flash-player/release-note/fp_26_air_26_release_notes.html
Apple | Media Software | iTunes: 12.6.2 | https://www.neowin.net/news/apple-releases-security-updates-for-itunes-and-icloud-for-windows
Cerulean | Instant Messaging | Trillian: 6.0 build 61 | https://www.trillian.im/changelog/windows/6.0/
Citrix | Data Delivery | Receiver: 4.9 LTSR | http://docs.citrix.com/en-us/receiver/windows/current-release/about.html
Don Ho | Source Code Editor | Notepad++: 7.5 | https://notepad-plus-plus.org/news/notepad-7.5-released.html
FileZilla | FTP Client | FileZilla: 3.27.1 | https://filezilla-project.org/versions.php
Foxit | PDF Reader | Foxit Reader: 8.3.2.25013 | https://www.foxitsoftware.com/pdf-reader/version-history.php
Google | Mapping | Earth: 7.3.0 | https://support.google.com/earth/answer/40901?hl=en
Google | Browser | Chrome: 60.0.3112.113 | https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-desktop_24.html
Malwarebytes | Malware Defender | Malwarebytes: 3.2 | https://www.malwarebytes.com/support/releasehistory/
Mozilla | Browser | Firefox: 55.0.3 | https://www.mozilla.org/en-US/firefox/55.0.3/releasenotes/
Mozilla | Email Client | Thunderbird: 52.3.0 | https://www.mozilla.org/en-US/thunderbird/52.3.0/releasenotes/
RealVNC | Remote Access Software | VNC Connect: 6.2.0 | https://www.realvnc.com/en/connect/docs/desktop-release-notes.html
The Document Foundation | Office Suite | LibreOffice: 5.4.0 | https://wiki.documentfoundation.org/ReleaseNotes/5.4
Wireshark | Network Protocol Analyzer | Wireshark: 2.4.0 | https://www.wireshark.org/docs/relnotes/wireshark-2.4.0.html

[vc_separator]

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.


Introduction: Syxsense University

By Patch Management, Video

Exploring Syxsense

What if you could see vulnerabilities from a mile away? Syxsense proactively protects and manages your environment.

It automatically keeps desktops, laptops and remote users up to date with security patches and software updates from Microsoft and third-party vendors.


Russian Hacking Group Targets Hotel Guests

By News

Hackers Use NSA Tools in Hotels Across Europe

A group of Russian hackers best known for breaking into the Democratic National Committee has been using a leaked NSA exploit to target hotels across Europe in an attempt to spy on guests, according to new research published by the cybersecurity firm FireEye.

The group, known as APT28 or Fancy Bear, reaches its victims through the hotels' Wi-Fi networks.

APT28 got into hotel networks via phishing emails carrying a malicious Microsoft Word attachment whose macro installed the group's malware. Once on a hotel's network, they used EternalBlue, the NSA-developed SMB exploit published by the Shadow Brokers in April 2017, to move laterally until they reached the servers responsible for the corporate and guest Wi-Fi networks. There, FireEye observed the open-source Responder tool being used to capture credentials by answering NetBIOS Name Service requests from guests' machines.

"It's definitely a new technique" for the Fancy Bear hacker group, says Ben Read, who leads FireEye's espionage research team. "It's a much more passive way to collect on people. You can just sit there and intercept stuff from the Wi-Fi traffic."

Hotel Wi-Fi has become a favored vehicle for advanced attackers to target people of interest who happen to be connected. In 2014, researchers at Kaspersky Lab said a group it dubbed DarkHotel had been infecting hotel networks for at least seven years.

In a separate report a year later, Kaspersky Lab researchers uncovered evidence that a different group with ties to the creators of the Stuxnet worm (Duqu 2.0) had infected hotels hosting the negotiations between Iran, the US and five other nations over Iran's nuclear program, in an attempt to monitor the talks.


What can you do to protect yourself?

Remote users should be aware that credentials and other information can be passively collected when they connect to public, untrusted networks. Experts advise using your own wireless hotspot and avoiding hotel Wi-Fi networks whenever possible.

Keeping all remote devices fully patched is also critical. APT28 is using the same exploit as WannaCry and NotPetya. Microsoft fixed the underlying SMBv1 flaws in March 2017 with MS17-010, so systems kept current through Syxsense, Windows Update or another patching solution should already be protected.

However, many organizations still run operating systems Microsoft no longer supports, such as Windows Server 2003, Windows XP, Windows XP Embedded and Windows 8. Microsoft took the unusual step of releasing the MS17-010 fix for these unsupported systems as well.

We strongly recommend identifying every system that is still exposed, including unsupported ones, and deploying this patch immediately.
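As an added example (not code from the original post or from Syxsense), the Python below does the network side of that identification: it sends an SMB_COM_NEGOTIATE that offers only the SMB1 dialect "NT LM 0.12" to TCP/445 and classifies the reply, so any host that still answers in SMB1 stands out. A host that negotiates SMB1 is not necessarily unpatched for MS17-010, and a patched host may still expose SMB1, so treat the result as an exposure list to reconcile against your patch inventory, not as proof of vulnerability. The byte layout follows MS-CIFS, the sample replies it classifies are constructed inline, and probe_smb1 is only for systems you are authorized to scan.

```python
import socket
import struct
from typing import NamedTuple, Optional

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_HEADER_LEN = 32
# MS-CIFS SMB_Header, little-endian: Protocol(4) Command(1) Status(4) Flags(1) Flags2(2)
# PIDHigh(2) SecurityFeatures(8) Reserved(2) TID(2) PIDLow(2) UID(2) MID(2) = 32 bytes
SMB1_HEADER_FMT = "<4sBIBHH8sHHHHH"


class NegotiateResult(NamedTuple):
    verdict: str                  # see classify_negotiate_response
    dialect_index: Optional[int]  # index into the offered dialect list, if one was accepted
    nt_status: Optional[int]


def _netbios_header(smb: bytes) -> bytes:
    """4-byte NetBIOS Session Service header that frames SMB on TCP/445 (type 0, 24-bit length)."""
    return b"\x00" + len(smb).to_bytes(3, "big")


def build_smb1_negotiate(dialects=("NT LM 0.12",)) -> bytes:
    """SMB_COM_NEGOTIATE offering only SMB1 dialects, so an SMB1-capable server must answer in SMB1."""
    header = struct.pack(SMB1_HEADER_FMT, SMB1_MAGIC, SMB_COM_NEGOTIATE, 0,
                         0x18,    # Flags: canonical pathnames, case-insensitive
                         0xC853,  # Flags2: Unicode, NT status codes, extended security, long names
                         0, b"\x00" * 8, 0, 0, 0xFEFF, 0, 0)
    dialect_blob = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(dialect_blob)) + dialect_blob  # WordCount=0, ByteCount
    smb = header + body
    return _netbios_header(smb) + smb


def classify_negotiate_response(raw: bytes) -> NegotiateResult:
    """Classify the reply to an SMB1-only negotiate.

    smb1-enabled        server accepted one of the offered SMB1 dialects
    smb1-stack-present  server answered in SMB1 but accepted no dialect or returned an error
    smb2-only           server answered with an SMB2 header
    no-smb1-response    reset, timeout or unrecognized data (SMB1 disabled or port filtered)
    """
    payload = raw[4:]  # strip the NetBIOS session header
    if payload.startswith(SMB2_MAGIC):
        return NegotiateResult("smb2-only", None, None)
    if not payload.startswith(SMB1_MAGIC) or len(payload) < SMB1_HEADER_LEN + 3:
        return NegotiateResult("no-smb1-response", None, None)
    command, nt_status = struct.unpack_from("<BI", payload, 4)
    if command != SMB_COM_NEGOTIATE:
        return NegotiateResult("no-smb1-response", None, nt_status)
    word_count, dialect_index = struct.unpack_from("<BH", payload, SMB1_HEADER_LEN)
    if nt_status != 0 or word_count == 0 or dialect_index == 0xFFFF:
        return NegotiateResult("smb1-stack-present", None, nt_status)
    return NegotiateResult("smb1-enabled", dialect_index, nt_status)


def probe_smb1(host: str, port: int = 445, timeout: float = 3.0) -> NegotiateResult:
    """Probe one live host; a reset or timeout is reported as no-smb1-response."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_smb1_negotiate())
            raw = sock.recv(1024)
    except OSError:
        raw = b""
    return classify_negotiate_response(raw)


def make_sample_smb1_reply(dialect_index: int, nt_status: int = 0, word_count: int = 17) -> bytes:
    """Constructed SMB1 negotiate reply (not a capture) carrying only the fields the classifier reads."""
    header = struct.pack(SMB1_HEADER_FMT, SMB1_MAGIC, SMB_COM_NEGOTIATE, nt_status,
                         0x98, 0xC853, 0, b"\x00" * 8, 0, 0, 0xFEFF, 0, 0)  # Flags bit 0x80 = reply
    params = struct.pack("<BH", word_count, dialect_index) + b"\x00" * (2 * max(word_count - 1, 0))
    smb = header + params + struct.pack("<H", 0)  # ByteCount = 0
    return _netbios_header(smb) + smb


if __name__ == "__main__":
    print(classify_negotiate_response(make_sample_smb1_reply(0)))       # NT LM 0.12 accepted
    print(classify_negotiate_response(make_sample_smb1_reply(0xFFFF)))  # SMB1 answered, no common dialect
    print(classify_negotiate_response(b"\x00\x00\x00\x40" + SMB2_MAGIC + b"\x00" * 60))
    print(classify_negotiate_response(b""))                             # reset or timeout
    # Live use against an authorized target: print(probe_smb1("192.0.2.10"))
```

Offering only SMB1 dialects is what makes the probe meaningful: a request that also lists "SMB 2.002" would let a server that supports both protocols answer in SMB2 and hide the fact that SMB1 is still enabled. Hosts that come back smb1-enabled or smb1-stack-present are the ones to check against MS17-010 deployment records, and to consider for SMBv1 removal regardless of patch state.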


Many companies struggle to keep remote users up to date because they rely on manual patching or simply do not prioritize it. Patching is a necessity, and even more so for machines that are not always on the corporate network, since they miss scheduled deployments and connect to untrusted networks in between.

Syxsense lets you keep all devices, including remote users, fully patched and protected. After months of global ransomware attacks and major security threats, it has never been more important to protect your IT environment.


August Patch Tuesday: The HBO Hackers

By News, Patch Management, Patch Tuesday

Winter isn’t coming. Winter is here!

The recent HBO hack may have exposed up to 1.5 terabytes of data, roughly seven times what Sony lost in the 2014 cyberattack.

The script of an upcoming Game of Thrones episode and episodes of other popular HBO series have already been released by the hackers. What else they hold, and what they will release next, remains unclear.

"As most of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming."

Richard Plepler, HBO CEO, in an email published by Entertainment Weekly.

Robert Brown, Director of Services for Verismic says, “I wonder if they will be reading our Avoiding Patch Doomsday whitepaper as part of their security review? With this whitepaper, they can stop reacting to these kinds of threats and start predicting them. I’m sure this exposure has put a chill in their summer.”

Masses of Common Flaws Crack Open 55% of Corporate Networks

Corporate information systems became more vulnerable in 2016, even as user awareness of information security increased significantly. That is the finding of Positive Technologies, whose review of its security audit results found critical vulnerabilities in 47% of the corporate systems investigated last year.


Implementing a proactive patching process should be one of the most important tasks performed by your IT security team, especially since ransomware shuts down, on average, one in five small businesses it hits.

“The human factor is the most likely weakness and often the cause of exposures for small to medium sized businesses,” says Robert Brown, Director of Services at Verismic. “These issues can be alleviated with the right patch management tool.”


WoSign and StartCom revoked from the Trust Root Program

Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by its Trusted Root Program, citing unacceptable practices including back-dating SHA-1 certificates, mis-issuance of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple violations of the CA/Browser Forum Baseline Requirements (BR).

Microsoft will begin a natural deprecation of WoSign and StartCom certificates: Windows 10 will not trust any certificate from these CAs with a NotBefore date after 26 September 2017, while existing certificates continue to function until they expire. In its announcement Microsoft said it "values the global Certificate Authority community and only makes these decisions after careful consideration as to what is best for the security of our users."

Microsoft addressed 48 vulnerabilities in Windows, Internet Explorer, Edge, SQL Server and Office this month. The vulnerabilities could allow an attacker to execute arbitrary code, gain escalated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details are in Microsoft's Security Update Guide.

Microsoft Updates

We have chosen a few updates to prioritize this month. The recommendation is based on evidence from industry experts (including our own), anticipated business impact and the independent CVSS base score for each vulnerability. CVSS base scores range from 0 to 10; in the table below, scores of 7.0-10.0 are rated High, 4.0-6.9 Medium and 0-3.9 Low.

ID | Vulnerability | CVSS Base Score | Recommended
CVE-2017-8620 | Microsoft Windows Search Arbitrary Code Execution Vulnerability | 9.0 | Yes
CVE-2017-8591 | Microsoft Windows Input Method Editor Arbitrary Code Execution Vulnerability | 8.8 | Yes
CVE-2017-8593 | Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability | 8.8 | Yes
CVE-2017-8624 | Microsoft Windows Common Log File System Privilege Escalation Vulnerability | 8.8 | Yes
CVE-2017-0250 | Microsoft Windows Jet Database Engine Arbitrary Code Execution Vulnerability | 8.3 | Yes
CVE-2017-0293 | Microsoft Windows PDF Handling Arbitrary Code Execution Vulnerability | 8.3 | Yes
CVE-2017-8625 | Microsoft Internet Explorer Security Bypass Vulnerability | 8.3 | Yes
CVE-2017-8634 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8635 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8636 | Microsoft Internet Explorer and Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8638 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8639 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8640 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8641 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8645 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8646 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8647 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8651 | Microsoft Internet Explorer Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8653 | Microsoft Internet Explorer Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8655 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8656 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8657 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8661 | Microsoft Edge Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8669 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8670 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8671 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8672 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes
CVE-2017-8674 | Microsoft Edge Memory Corruption Vulnerability | 8.3 | Yes

Syxsense Releases New Version

By News

Cloud Management Unveils Redesigned User Interface

A new version of Syxsense with a redesigned user interface is now available. The update simplifies workflows with task automation and improves usability, reporting and functionality.

For larger customers, paging has been replaced with a single scrolling screen.

Refreshes now happen automatically in the background, so task statuses and device lists stay up to date.

"We are focused on making intuitive changes for our customers. Although customers have always loved the Syxsense user interface, it is now even easier to use," said Ashley Leonard, president and CEO of Verismic. "By listening and applying client suggestions, we are consistently improving Syxsense."

The enhanced workflow moves from left to right, simplifying the automation of new tasks and the preparation of organizational items such as groups and queries.

All previous features, such as patch management and device discovery, remain available to customers.


3 Lessons Learned from the Summer of Ransomware

By Patch Management

Don’t Let History Repeat Itself

Those who don't learn from the past are sure to repeat it. As we enter August, it's a good time to reflect on the lessons of the summer's biggest global security threats.

There are vital protections that organizations should have in place to reduce risk and guard against the next disaster. After this summer's storm of events, evaluate your patch strategy and make sure your company is covered.

The WannaCry attack in May hit computers in more than 150 countries, including systems at the UK's NHS. In June, a South Korean hosting company paid around $1 million USD in bitcoin, the largest known ransom payment to date, after being infected by the Erebus ransomware. Most recently, NotPetya was delivered to its initial victims through a compromised software update mechanism and went on to affect global businesses.

Below are tips to ensure your organization doesn’t become an IT security cautionary tale this summer.

1. Don’t Count on a Kill Switch

Before WannaCry's kill switch was discovered, it had already infected tens of thousands of computers across the world, shutting down vital systems used by the NHS in the UK.

Don't rely on a kill switch to save the day in future attacks: most ransomware has no such mechanism, and new WannaCry variants that ignore the kill switch have already appeared.


WannaCry spreads through a flaw in the SMBv1 implementation of Microsoft Windows for which the NSA had developed the EternalBlue exploit. Microsoft patched the flaw in March 2017 with MS17-010, so systems kept current through Syxsense, Windows Update or another patching solution should already be protected.

2. Don’t Count on Auto Updates

A set-it-and-forget-it approach to IT security is appealing, but it rarely works out in the IT manager's favor. NotPetya highlighted the danger of letting applications and operating systems update themselves unchecked: security researchers established that the update servers of the accounting software vendor M.E.Doc had been breached, and NotPetya was pushed to customers as an automatic update. The attack has so far been detected in Poland, Italy, Germany, France, the US, the UK, Russia and Ukraine.

Syxsense has always recommended disabling auto-updates in applications and operating systems so that you can test, pilot and control the distribution of updates yourself.


3. Patch in a Timely Manner

Patch management should never be delayed. The vast majority of security incidents exploit vulnerabilities for which a fix is already available. In the case of WannaCry, Microsoft had released the update that closed the hole two months before the worldwide attack.

By putting off patching, you leave your environment open to exploits and ransomware. Be prepared for doomsday by patching consistently and efficiently.
