Monthly Archives

October 2017


BadRabbit: Newest Ransomware to Target Corporate Networks

Posted in: News

Updated 10/25/17 at 09:51am 

Ransomware Alert: BadRabbit is the New NotPetya

A new ransomware attack from the actors behind ExPetr/NotPetya has jumped into the spotlight. The outbreak began in Russia, infecting major Russian media outlets, but it has already spread. Several US and UK firms with corporate entities in Ukraine and Russia have already been infected, and an increase in US infections is expected. BadRabbit is currently running wild across Europe, thanks to its close ties to the source region.

US-CERT (the United States Computer Emergency Readiness Team) has released a statement and “discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored.”

Several security agencies are reporting that a fake Adobe Flash update is the infection method. Without using any exploit, the ‘drive-by’ attack tricks the victim into downloading the fake installer from a convincing website. The victim, assuming it is a legitimate Flash update, then manually launches the .exe file. From there, BadRabbit has a hold of the device and can spread to other devices on the connected network.

There are several recommended steps for stopping the spread of this new ransomware. The first is to disable the WMI service, which prevents the ransomware from hopping between machines across your connected networks. It may be inconvenient, but especially if you have offices in Ukraine or Russia, disabling that connection could be the key to preventing your entire company from being infected.

There is also now a ‘vaccine’ for BadRabbit. The security researcher Amit Serper posted his findings on Twitter.

(Tweet: https://twitter.com/0xAmit/status/922911491694694401)

The tweet reads: “I can confirm – Vaccination for #badrabbit: Create the following files c:\windows\infpub.dat && c:\windows\cscc.dat – remove ALL PERMISSIONS (inheritance) and you are now vaccinated.”

With a software distribution solution, like Syxsense, you can easily deploy this file to every device you manage. Utilizing the simple deployment wizard, you can have a task running in seconds to protect your environment.
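The two containment steps described above (disabling the WMI service, and creating the two vaccine files with every permission removed), written as one PowerShell script that a deployment tool can push to endpoints. This is an added example, not code from the post, from Syxsense, or from Amit Serper; the file names and the C:\Windows location come from the tweet, the service name Winmgmt is the Windows service behind WMI, and the script assumes it is run in an elevated (Administrator) session.

```powershell
# Added example (not from the Syxsense post): applies the two BadRabbit containment
# steps the post describes.
#   Step 1 (optional, -DisableWmi): stop and disable the WMI service (Winmgmt).
#   Step 2: create C:\Windows\infpub.dat and C:\Windows\cscc.dat with an empty DACL,
#           i.e. inheritance disabled and every access rule removed (the "vaccine").
# Requires an elevated (Administrator) PowerShell session.

function Protect-BadRabbitVaccineFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path -Force | Out-Null
    }

    $acl = Get-Acl -LiteralPath $Path
    # Disable inheritance and do NOT copy the inherited rules down onto the file.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit rules that remain so the DACL ends up empty.
    # An empty DACL grants nobody access (unlike a null DACL, which grants everyone access).
    foreach ($rule in @($acl.Access)) {
        $acl.RemoveAccessRule($rule) | Out-Null
    }
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Verify: the file owner keeps READ_CONTROL, so the admin who created it can still read the ACL.
    $remaining = (Get-Acl -LiteralPath $Path).Access.Count
    [pscustomobject]@{
        Path                 = $Path
        AccessRulesRemaining = $remaining
        Vaccinated           = ($remaining -eq 0)
    }
}

function Invoke-BadRabbitContainment {
    param([switch]$DisableWmi)

    if ($DisableWmi) {
        # Winmgmt is the service name of "Windows Management Instrumentation".
        # -Force also stops services that depend on it.
        Stop-Service -Name Winmgmt -Force -ErrorAction Stop
        Set-Service -Name Winmgmt -StartupType Disabled
    }

    $systemRoot = $env:SystemRoot   # normally C:\Windows
    foreach ($name in 'infpub.dat', 'cscc.dat') {
        Protect-BadRabbitVaccineFile -Path (Join-Path $systemRoot $name)
    }
}

# Usage (elevated): vaccinate only, or vaccinate and disable WMI.
Invoke-BadRabbitContainment
# Invoke-BadRabbitContainment -DisableWmi
```

The output object per file shows whether the DACL really ended up empty, which is the check worth logging centrally when the script is pushed to many machines. Keep the WMI switch separate from the vaccine: many monitoring and management agents (including patch tools) depend on Winmgmt, so disabling it is the step the post calls inconvenient, while the vaccine files on their own only block this particular variant and are no substitute for the patching strategy the post goes on to recommend.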

Another important step to protect yourself from ransomware is to have a rigorous patching strategy in place. Syxsense ensures the security of your content. We have both Microsoft updates and the industry’s leading library of third-party updates.


We obtain all our content directly from their source and don’t change the code. The update you deploy through our patch manager is the same one you would get directly from the vendor. The difference is we put logic around the update to ensure an accurate deployment.

Ransomware attacks have picked up in the last few months, and will only get more bold and pervasive. Protect your company and environments by implementing Syxsense.


Start Patching

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

Start a free trial: https://www.syxsense.com/syxsense-trial/

Adobe Patches Zero-Day Exploit Used to Deliver Spyware

Posted in: Uncategorized

Urgent: Emergency Flash Update

Adobe has patched a zero-day vulnerability used by the BlackOasis APT to plant surveillance software developed by Gamma International.

The vulnerability, CVE-2017-11292, was disclosed on 10th October by researchers at Kaspersky Lab, who saw the payload and exploit used against a customer’s network.

An exploit utilizing the flaw is delivered through a malicious Microsoft Word document which then installs the FinSpy commercial malware. FinSpy is a highly sophisticated system used by governments worldwide to monitor the activities of people of interest — whether criminals, activists, or journalists. The malware is able to monitor communication software such as Skype, eavesdrop on video chats, log calls, view and copy user files, and more.

Victims of the APT have been spotted in countries including Russia, Iraq, Afghanistan, Nigeria, Libya, and Angola, but the group’s interests are hard to decipher — spanning everything from oil to money laundering and think tanks.

Adobe said Flash version 27.0.0.159 on the desktop, Linux and Google Chrome is affected, as well as version 27.0.0.130 for Edge and Internet Explorer 11 on Windows 10 and 8.1. Users should make sure they are running Flash 27.0.0.170 on all platforms, or heed the advice of many security experts to disable Flash altogether.

Robert Brown, Director of Services for Verismic said, “We have now observed two Zero Day exploits within the past month, with some industry experts (including our own) suspecting this to be part of the Black Oasis group who are exploiting vulnerabilities using the FinSpy payload. We are recommending all of our clients to ensure this patch is deployed as quickly as possible using Syxsense.”

As the zero-day is in active use, all users should immediately apply Adobe’s latest security fix to stay safe.
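A way to check an endpoint against the fixed version named above, as an added PowerShell example (not code from the post, Syxsense or Adobe). It assumes the standard Flash install folders under System32\Macromed\Flash and SysWOW64\Macromed\Flash, and the usual component file names (ActiveX Flash*.ocx, NPAPI NPSWF*.dll, PPAPI pepflashplayer*.dll); the fixed version 27.0.0.170 is the one the post gives.

```powershell
# Added example (not from the Syxsense post): lists Flash Player components on this
# machine and flags any whose file version is older than the fixed build 27.0.0.170.

$FixedFlashVersion = [version]'27.0.0.170'

function Get-FlashComponentStatus {
    param(
        [version]$Fixed = $FixedFlashVersion,
        # Assumed standard install folders (64-bit Windows has both).
        [string[]]$SearchRoots = @(
            (Join-Path $env:SystemRoot 'System32\Macromed\Flash'),
            (Join-Path $env:SystemRoot 'SysWOW64\Macromed\Flash')
        )
    )
    foreach ($root in $SearchRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Include 'Flash*.ocx', 'NPSWF*.dll', 'pepflashplayer*.dll' |
            ForEach-Object {
                # Build the version from the numeric parts rather than parsing the display
                # string, which Flash formats with commas ("27,0,0,170").
                $vi = $_.VersionInfo
                $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
                [pscustomobject]@{
                    File       = $_.FullName
                    Version    = $ver
                    NeedsPatch = ($ver -lt $Fixed)
                }
            }
    }
}

# Usage: show every component; non-zero NeedsPatch rows are the ones to act on.
Get-FlashComponentStatus | Format-Table -AutoSize
```

An empty result means no Flash component was found in those folders, which is the outcome you want if Flash has been removed; a machine with Flash embedded in Edge or Internet Explorer 11 gets its fix through the Windows update channel instead, so the table here covers the Adobe-installed components only.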


Hyatt Hack: Major Data Breach

Posted in: News

Hyatt Breach Affects 41 Hotels Worldwide

We would like to warn hotel guests of another credit card breach at Hyatt Group, the second since December 2015. On Thursday last week, 41 of its hotels spread across 13 countries confirmed unauthorized access to payment card information.

China was hit hardest, with 18 hotels affected; three of the affected hotels were in North America. India, Japan and Saudi Arabia were also exposed.

Chuck Floyd, global president of operations for Hyatt Hotels Corporation, wrote in an open letter to customers posted on its website: “Based on our investigation, we understand that such unauthorized access to card data was caused by an insertion of malicious software code from a third party onto certain hotel IT systems.”

Hyatt suffered a similar breach affecting 250 hotels located in 50 countries back in 2015. In a prepared statement at the time Hyatt stated, “Hyatt has taken steps to strengthen the security of its systems, and customers can feel confident using payment cards at Hyatt hotels worldwide.”


Robert Brown, Director of Services for Verismic, said, “It’s possible the steps taken by the Hyatt group back in December 2015 are still being deployed throughout the organization, especially if those systems are dispersed around the globe and not connected by a common network. When choosing your systems management toolset, you need to implement the solution which is secured using 2048-bit certificates and two-factor authentication but also works regardless of where the endpoints are located.

This is something built into the DNA of Syxsense, to operate securely as long as there is an internet connection. Using Syxsense, these endpoints could have been protected within a couple of weeks.”


Recall: Microsoft KB4041676

Posted in: Uncategorized

Will Microsoft Recall KB4041676?

There are many reports of issues encountered by companies that have applied KB4041676 from October’s Microsoft Patch Tuesday release. Failed installations, rolled-back installations, and Windows getting stuck on shutdown or sign-in are evidence that something has gone wrong with this update.

Looking at the Microsoft cumulative update, there are more than 20 individual updates inside this rollup, and any one of them could be the problem.

Known Issues in this Update

| Symptom | Workaround |
|---|---|
| Installing KB4034674 may change Czech and Arabic languages to English for Microsoft Edge and other applications. | Microsoft is working on a resolution and will provide an update in an upcoming release. |
| Systems with support enabled for USB Type-C Connector System Software Interface (UCSI) may experience a blue screen or stop responding with a black screen when a system shutdown is initiated. | If available, disable UCSI in the computer system’s BIOS. This will also disable UCSI features in the Windows operating system. Microsoft is working on a resolution and will provide an update in an upcoming release. |


Until we have established exactly what the root cause is, we are recommending that our customers remove this update from their scheduled deployments this month.

Robert Brown, Director of Services for Verismic, said, “We help our clients to design a time-efficient testing process to ensure issues caused by rogue updates are minimized without significantly delaying any update rollout.”


October Patch Tuesday: Silent But Deadly

Posted in: News, Patch Management, Patch Tuesday

Should Third-Party Really Be your Second Priority?

If you have a patching strategy delivering Microsoft updates on a routine basis, you should extend that capacity to include third-party updates.

Just a couple of weeks ago, we discovered a massive compromise in one of the world’s most widely used business and personal computer utilities, “CCleaner” by Piriform.

Version 5.33.6162 was released with injected malicious code that exposed any system running it to remote access by attackers. To make matters worse, CCleaner does not come with an automatic update capability, so remediating the issue requires a toolset that can remotely deploy or patch third-party software. Piriform said that Avast, its new parent company, had uncovered the attack on Sept. 12, and a new, uncompromised version of CCleaner was released the same day.

Robert Brown, Director of Services for Verismic, said, “Your patch management strategy must include both the operating system and any software or third-party updates to be reassured of your environment’s safety. Deploying only Windows updates is not closing the holes used by hackers in the current wave of increasingly sophisticated hacks.

Syxsense includes Microsoft, Linux and the most popular third-party vendors so you can be reassured everything is covered.”

Source: TechPowerUp


What takes 206 days?

Cyberattacks are an increasingly serious risk for organizations, but many executives believe their organization won’t be targeted. They claim their organization is too small to be on the attackers’ radars or that they have nothing worth stealing.

Many cybercriminals are indiscriminate in their attacks and can always find something of interest. However, companies that believe they’re safe may already be penetrated – they just don’t know it yet.


A study found that US companies took an average of 206 days to detect a data breach, up from 201 days the previous year, when a survey showed that 20 percent of employees lacked awareness of safe social media posting and chose risky actions such as posting on their personal social media accounts. Data breaches are contained sooner when they are detected by a staff member conducting routine assessments of potential vulnerabilities within the organization.

“This is why it is important to have a proactive stance when it comes to patch management,” said Brown. “How long will it take before you realize you have been compromised?”

Ransomware is the fastest-growing security threat, yet most companies are unprepared to deal with it, says a new study. Companies and government agencies are overwhelmed by frequent, severe attacks, according to the 2017 Ransomware Report commissioned by Cybersecurity Insiders and conducted by Crowd Research. That illustrates why ransomware damages are expected to hit $6 billion this year.


October Patch Tuesday Release

Microsoft published its monthly security updates on October 10, 2017, addressing 62 vulnerabilities in Windows, Internet Explorer, Edge, and Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. View details of the complete Security Update Guide here.

We have selected the updates to prioritize this month. Our recommendation has been made using evidence from industry experts, anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

| ID | Vulnerability Alert | CVSS Base Score | Recommended |
|---|---|---|---|
| CVE-2017-11779 | Microsoft Windows DNSAPI Arbitrary Code Execution Vulnerability | 9.8 | Yes |
| CVE-2017-11786 | Microsoft Skype for Business Elevation of Privilege Vulnerability | 8.3 | Yes |
| CVE-2017-8717 | Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability | 8.1 | Yes |
| CVE-2017-8718 | Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability | 8.1 | Yes |
| CVE-2017-11771 | Microsoft Windows Search Arbitrary Code Execution Vulnerability | 8.1 | Yes |
| CVE-2017-11781 | Microsoft Windows Server Message Block Denial of Service Vulnerability | 7.5 | Yes |
| CVE-2017-11819 | Microsoft Windows Shell Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11782 | Microsoft Windows Server Message Block Privilege Escalation Vulnerability | 7.4 | Yes |
| CVE-2017-11783 | Microsoft Windows Privilege Escalation Vulnerability | 7.4 | Yes |
| CVE-2017-11780 | Microsoft Windows Server Message Block Arbitrary Code Execution Vulnerability | 7.3 | Yes |
| CVE-2017-8689 | Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability | 7 | Yes |
| CVE-2017-8694 | Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability | 7 | Yes |
| CVE-2017-11824 | Microsoft Windows Graphics Component Privilege Escalation Vulnerability | 7 | Yes |
| CVE-2017-8703 | Microsoft Windows Subsystem for Linux Denial of Service Vulnerability | 6.8 | Yes |
| CVE-2017-11776 | Microsoft Windows Universal Outlook Information Disclosure Vulnerability | 6.5 | Yes |
| CVE-2017-11815 | Microsoft Windows Server Message Block Information Disclosure Vulnerability | 6.4 | |
| CVE-2017-11784 | Microsoft Windows Kernel Information Disclosure Vulnerability | 6.1 | |
| CVE-2017-11785 | Microsoft Windows Kernel Information Disclosure Vulnerability | 6.1 | |
| CVE-2017-11772 | Microsoft Windows Search Service Information Disclosure Vulnerability | 5.9 | |
| CVE-2017-11816 | Microsoft Windows Graphics Device Interface+ Information Disclosure Vulnerability | 5.7 | |
| CVE-2017-11829 | Microsoft Windows Update Delivery Optimization Privilege Escalation Vulnerability | 5.5 | |
| CVE-2017-11775 | Microsoft SharePoint Cross-Site Scripting Vulnerability | 5.4 | |
| CVE-2017-11777 | Microsoft SharePoint Cross-Site Scripting Vulnerability | 5.4 | |
| CVE-2017-11820 | Microsoft SharePoint Cross-Site Scripting Vulnerability | 5.4 | |
| CVE-2017-8693 | Microsoft Windows Graphics Information Disclosure Vulnerability | 5.3 | |
| CVE-2017-8715 | Microsoft Windows Device Guard Security Feature Bypass Vulnerability | 5.3 | |
| CVE-2017-11765 | Microsoft Windows Kernel Information Disclosure Vulnerability | 5.3 | |
| CVE-2017-11814 | Microsoft Windows Kernel Information Disclosure Vulnerability | 5.3 | |
| CVE-2017-11823 | Microsoft Windows Device Guard Security Feature Bypass Vulnerability | 5.3 | |
| CVE-2017-11817 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11818 | Microsoft Windows Storage Security Feature Bypass Vulnerability | 4.5 | |
| CVE-2017-11790 | Microsoft Internet Explorer Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11794 | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-8726 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-8727 | Microsoft Windows Shell Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11762 | Microsoft Windows Graphics Arbitrary Code Execution Vulnerability | 4.2 | |
| CVE-2017-11763 | Microsoft Windows Graphics Arbitrary Code Execution Vulnerability | 4.2 | |
| CVE-2017-11769 | Microsoft Windows TRIE Arbitrary Code Execution Vulnerability | 4.2 | |
| CVE-2017-11774 | Microsoft Outlook Security Feature Bypass Vulnerability | 4.2 | |
| CVE-2017-11792 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11793 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11796 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11797 | Microsoft ChakraCore Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11798 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11799 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11800 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11801 | Microsoft ChakraCore Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11802 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11804 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11805 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11806 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11807 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11808 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11809 | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11810 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11811 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11812 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11813 | Microsoft Internet Explorer Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11821 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11822 | Microsoft Internet Explorer Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11825 | Microsoft Office Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11826 | Microsoft Office Memory Corruption Vulnerability | 4.2 | |
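The severity banding described before the table (7.0-10.0 High, 4.0-6.9 Medium, 0-3.9 Low), applied to rows in the table's own "CVE-id, title, score, optional Yes" layout, as an added PowerShell example. It is not code from the post or from Syxsense; the parsing function and the severity function are assumptions of this example, and the sample rows are copied from the table above so the script runs offline.

```powershell
# Added example (not from the Syxsense post): parses rows in the layout the post's
# table uses, assigns the CVSS band the post defines, and groups the rows by band so
# the "Recommended" flag and the score can be reviewed together.

function Get-CvssBand {
    param([Parameter(Mandatory)][double]$Score)
    if ($Score -lt 0 -or $Score -gt 10) { throw "CVSS base score out of range: $Score" }
    if ($Score -ge 7.0) { 'High' } elseif ($Score -ge 4.0) { 'Medium' } else { 'Low' }
}

function ConvertFrom-PatchTableRow {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Line)
    process {
        # The title is matched lazily so the numeric score and the optional trailing
        # "Yes" are taken from the end of the row, whatever words the title contains.
        if ($Line -match '^(?<id>CVE-\d{4}-\d{4,})\s+(?<title>.+?)\s+(?<score>\d+(?:\.\d+)?)\s*(?<rec>Yes)?\s*$') {
            $score = [double]$Matches.score
            [pscustomobject]@{
                ID          = $Matches.id
                Title       = $Matches.title
                Score       = $score
                Band        = Get-CvssBand -Score $score
                Recommended = [bool]$Matches.rec
            }
        }
        else {
            Write-Warning "Unparsed row: $Line"
        }
    }
}

# Constructed sample: rows copied from the October table above.
$sampleRows = @(
    'CVE-2017-11779 Microsoft Windows DNSAPI Arbitrary Code Execution Vulnerability 9.8 Yes'
    'CVE-2017-8689 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability 7 Yes'
    'CVE-2017-8703 Microsoft Windows Subsystem for Linux Denial of Service Vulnerability 6.8 Yes'
    'CVE-2017-11815 Microsoft Windows Server Message Block Information Disclosure Vulnerability 6.4'
    'CVE-2017-11790 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3'
)

# Usage: highest score first, then one section per band.
$sampleRows | ConvertFrom-PatchTableRow |
    Sort-Object Score -Descending |
    Group-Object Band |
    ForEach-Object {
        "== $($_.Name) ($($_.Count) item(s)) =="
        $_.Group | Format-Table ID, Score, Recommended, Title -AutoSize | Out-String
    }
```

The point of keeping the band and the Recommended flag as separate columns is visible in the sample: CVE-2017-8703 and CVE-2017-11776 are Medium by score yet recommended, while some Medium rows are not, so a deployment list built from the score band alone would not match the post's recommendation.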

Syxsense Announces Support for Linux

Posted in: News


ALISO VIEJO, Calif. (October 05, 2017) – Verismic, a global leader in cloud-based IT management technology, has released a new Syxsense version featuring support for Linux operating systems. This new version provides IT departments with a single interface for automating discovery, inventory and patching of Windows, Linux and third-party applications.

With recent high-profile IT Security incidents like Equifax, businesses need to discover and manage all their Desktops, Servers and Cloud Assets.  They also need to quickly calculate the health status of each system, identify vulnerable computers and then patch all their applications, especially third-party applications. However, heterogeneous patch management is a nightmare for IT administrators, particularly when they have to apply patches across different operating systems as well as third-party applications.

“Although Windows is predominantly used at the desktop, many organizations run Linux on their servers,” said Diane Roger, Chief Product Officer for Syxsense.

“Discovering all endpoints and then securing them from vulnerabilities while keeping them up to date is something every organization requires, but it can get complicated with multiple operating systems. Syxsense can now support those organizations within a single interface,” said Ashley Leonard, CEO for Verismic Software.
