Monthly Archives

November 2017

Troll Ransomware: Third-Party Patch Update

By News

What is Troll Ransomware?

This year has had many major ransomware and data breach events. From BitPaymer to the Equifax Hack, when the news hasn’t been dominated by Trump, it’s been focused on cybersecurity.

This has clearly caught the attention of the dark web. In just the past month, many new ‘troll’ ransomware variants have been discovered. These variants mimic some of the major players from this year, such as WannaCry.

The difference, however, is that no data gets encrypted. They appear to exist just to cause panic and make the victim believe they are compromised when they really aren’t.

As is common with internet trolls, this creates confusion and frustration. How do you know if you are a victim of WannaCry or just an imposter? And how easy would it be for these trolls to go from upsetting prank to true ransomware attackers?

The best way to protect yourself is to implement a thorough patching strategy. Utilizing a solution like Syxsense facilitates smooth patch deployments. Set up automated patching tasks so that critical updates are deployed to the devices that need them as soon as they are released. Patching closes the vulnerabilities that ransomware tends to exploit.

Start your free trial with Syxsense today.


November Third-Party Patch Updates

Below is a list of third-party software updates for the month:

| Vendor | Category | Product | Version | Release Notes |
|---|---|---|---|---|
| Adobe | Media Software | Flash, AIR, and ActiveX | 27.0.0.187 | https://helpx.adobe.com/flash-player/release-note/fp_27_air_27_release_notes.html |
| Adobe | Media Software | Shockwave | 12.3.1.201 | https://helpx.adobe.com/security/products/shockwave/apsb17-40.html |
| Apache | Word Processor | OpenOffice | 4.1.4 | https://blogs.apache.org/foundation/entry/the-apache-software-foundation-announces19 |
| Apple | Media Software | iTunes | 12.7.1 | https://support.apple.com/kb/dl1814?locale=en_US |
| Citrix | Data Delivery | Receiver | 4.10 | https://docs.citrix.com/en-us/receiver/windows/current-release.html |
| FileZilla | FTP Solution | FileZilla | 3.29 | https://filezilla-project.org/versions.php |
| Foxit | PDF Reader | Reader | 9.0 | https://www.foxitsoftware.com/pdf-reader/version-history.php |
| Google | Browser | Chrome | 62.0.3202.97 | https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-chrome-os_15.html |
| Malwarebytes | Malware Defender | Malwarebytes | 3.3.1 | https://www.malwarebytes.com/support/releasehistory/ |
| Mozilla | Browser and Email Client | Firefox | 57 | https://www.mozilla.org/en-US/firefox/57.0/releasenotes/ |
| Mozilla | Browser and Email Client | Thunderbird | 52.5.0 | https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/ |
| Wireshark | Network Protocol Analyzer | Wireshark | 2.4.2 | https://www.wireshark.org/docs/relnotes/wireshark-2.4.2.html |


Start Patching

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.


RDP: Is the ‘R’ for ‘Ransomware’?

By News

RDP Creates Vulnerabilities

Remote Desktop Protocol (RDP) is found on every Windows computer and is widely used throughout the IT industry. But does the ‘R’ in RDP now stand for Ransomware?

As the common methods of distributing ransomware become harder to pull off, attackers are looking for new ways in, and the abuse of RDP is coming to the forefront. Since almost every Windows computer has it, and it is built to give remote access to devices, it may become the ideal way for ransomware to enter an environment.

Some high-profile ransomware families, such as BitPaymer, already use this method.

So, how do you protect your business from this vulnerability?

Step 1: Disable, and then replace, RDP.

Step 2: Implement a rigorous Patch Strategy.

Disabling RDP will protect your environment, but many IT departments rely on it to do their jobs. However, if you replace RDP with another remote control solution, you can disable RDP and rest easy.
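As an added example (not Syxsense code and not part of the original post), the following PowerShell script audits whether a Windows host still accepts RDP and, when run with -Disable, applies Step 1 by denying connections and closing the built-in Remote Desktop firewall rules. It assumes an elevated session on Windows 8 / Server 2012 or later (where the NetSecurity and NetTCPIP modules exist); the registry value fDenyTSConnections and the ‘Remote Desktop’ firewall rule group are the standard Windows locations, not something taken from this page.

```powershell
# Added example, not Syxsense code: audit RDP exposure and optionally disable it (Step 1 above).
# Assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable   # audit only unless this switch is given
)

# Standard Windows locations (not page-specific): the Terminal Server policy key
# and the built-in firewall rule group that opens TCP/UDP 3389 when enabled.
$tsKey        = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpRuleGroup = 'Remote Desktop'

function Get-RdpExposure {
    # fDenyTSConnections: 1 = incoming RDP connections denied, 0 (or absent) = allowed
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections

    # Inbound rules in the Remote Desktop group that are currently enabled
    $openRules = @(Get-NetFirewallRule -DisplayGroup $rdpRuleGroup -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })

    # Anything actually listening on the default RDP port right now
    $listening = @(Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        RdpDeniedInRegistry = ($deny -eq 1)
        InboundRulesEnabled = $openRules.Count
        ListeningOn3389     = ($listening.Count -gt 0)
        # Exposed if any one of the three layers still lets RDP through
        Exposed             = ($deny -ne 1) -or ($openRules.Count -gt 0) -or ($listening.Count -gt 0)
    }
}

function Disable-Rdp {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Deny RDP connections and disable Remote Desktop firewall rules')) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
        Disable-NetFirewallRule -DisplayGroup $rdpRuleGroup
        # Note: the TermService listener may stay bound until the service restarts;
        # the disabled firewall rules block inbound 3389 in the meantime.
    }
}

$before = Get-RdpExposure
$before | Format-List

if ($Disable -and $before.Exposed) {
    Disable-Rdp
    # Re-audit so the change (or a -WhatIf dry run) is visible in the output
    Get-RdpExposure | Format-List
}
```

Run it with no switches from a management session (for example via Invoke-Command across a list of hosts) to inventory which machines are still exposed; pass -Disable only once the replacement remote-control tool is in place, since the script removes the very RDP path it reports on, and add -WhatIf to see the changes without applying them.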

Syxsense provides a secure Remote Control solution. Using 2048-bit encryption, our product communicates securely between the accessing device and the target. You can also enable prompts on the target so that the user can allow or deny access.

Patching your devices is also critical for maintaining a secure environment. Using Syxsense, you can implement a patching strategy that keeps your devices up to date. Our Patch Manager shows you, at a glance, which devices need patching. Tasks can be set to happen on an automated schedule to work around business hours. Replace RDP with Syxsense and experience a free trial today.


November Patch Tuesday: High-Speed Malware

By News, Patch Tuesday

Russia Caught On Top

Towards the end of October, we started to see a wave of ransomware attacks, called Bad Rabbit, originating in Russia.

This epidemic has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine and across Europe. Bad Rabbit was the latest in a wave of recent ransomware attacks sweeping across the globe.

This new outbreak reiterated the fact that Microsoft patching alone is not sufficient to protect yourself or your infrastructure from these kinds of attacks. This particular attack requires user interaction: a user is “duped” into thinking they are downloading a seemingly innocent Adobe Flash Player update from what looks to be a legitimate website. Once activated, Bad Rabbit triggers the EternalRomance exploit to spread within corporate networks, in the same way as WannaCry and NotPetya.

James Rowney, Service Manager for Verismic, said in an email: “Patch management in this day and age is paramount; your platform of choice should be able to protect all major Operating Systems and vendor applications. Syxsense supports updates for Microsoft, Linux, Macintosh and a long list of third-party vendor applications, so with CMS you can be assured that you have the ability to protect yourself.”

Malware speeds its way across the UK

Last week, closer to home, reports started to come in that fake speeding notices were being sent out across the UK to deliver malware. This new threat is aimed at home users and arrives as an email entitled “Notice of Prosecution”, which claims to have photographic evidence and supplies a link. Clicking on the link downloads banking malware to the victim’s device.

Should you receive an email of this kind, the first things to look for are grammatical errors or spelling mistakes; the mails also tend to have ridiculously high speeds recorded, 90mph in a 30mph zone for example.

Police have advised people to delete any mails relating to a Notice of Prosecution without opening them, as all prosecution notices are sent to the registered address of the vehicle by post. A similar strategy was used in December 2016, so it seems the cyber criminals are out to ruin the holidays for some poor victims again this year.


November Microsoft Patch Tuesday Release

Microsoft published its monthly security updates on November 14, 2017, addressing 53 vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ASP.NET Core and .NET Core, and Chakra Core. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details can be found in Microsoft’s Security Update Guide.

We have chosen a few updates to prioritise this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability. The CVSS base scores used in the table below range from 0 to 10: vulnerabilities with a base score of 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

| ID | Vulnerability Alert | CVSS Base Score | Recommended |
|---|---|---|---|
| CVE-2017-11876 | Microsoft Project Privilege Escalation Vulnerability | 8.8 | Yes |
| CVE-2017-11827 | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11855 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11856 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11869 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11847 | Microsoft Windows Kernel Privilege Escalation Vulnerability | 7 | Yes |
| CVE-2017-11770 | Microsoft ASP.NET Core Denial of Service Vulnerability | 5.9 | |
| CVE-2017-11788 | Microsoft Windows Search Denial of Service Vulnerability | 5.9 | |
| CVE-2017-11830 | Microsoft Windows Device Guard Security Feature Bypass Vulnerability | 5.3 | |
| CVE-2017-11883 | Microsoft ASP.NET Core Request Handling Denial of Service Vulnerability | 5.3 | |
| CVE-2017-11831 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11832 | Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11835 | Microsoft Windows Embedded OpenType Font Engine Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11842 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11849 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11850 | Microsoft Windows Graphics Component Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11851 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11852 | Microsoft Windows Graphics Component Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11853 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11880 | Microsoft Windows Kernel Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-11877 | Microsoft Excel Security Feature Bypass Vulnerability | 4.4 | |
| CVE-2017-8700 | Microsoft ASP.NET Core Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11791 | Microsoft Edge and Internet Explorer Scripting Engine Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11803 | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11833 | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11834 | Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11844 | Microsoft Edge Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11848 | Microsoft Internet Explorer Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11872 | Microsoft Edge Security Feature Bypass Vulnerability | 4.3 | |
| CVE-2017-11879 | Microsoft ASP.NET Core URL Redirection Vulnerability | 4.3 | |
| CVE-2017-11836 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11837 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11838 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11839 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11840 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11841 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11843 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11845 | Microsoft Edge Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11846 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11854 | Microsoft Word Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11858 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11861 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11862 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11863 | Microsoft Edge Security Feature Bypass Vulnerability | 4.2 | |
| CVE-2017-11866 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11870 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11871 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11873 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11874 | Microsoft Edge Security Feature Bypass Vulnerability | 4.2 | |
| CVE-2017-11878 | Microsoft Excel Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11768 | Microsoft Windows Media Player Information Disclosure Vulnerability | 2.5 | |
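To turn a list like the one above into a patching work queue, here is an added PowerShell example (not Syxsense tooling and not from the original post). It parses rows in the form the table uses, “CVE id, title, CVSS base score, optional Yes”, applies the CVSS bands the text defines (7.0-10.0 High, 4.0-6.9 Medium, 0-3.9 Low), and orders the result so High-band and Recommended items surface first. The sample rows embedded below are copied from the table; the regex, the function names and the object field names are my own choices.

```powershell
# Added example, not Syxsense code: band Patch Tuesday rows by CVSS score and build a work queue.
# Sample rows copied from the table above (score and "Yes" flag exactly as listed there).
$rows = @'
CVE-2017-11876 Microsoft Project Privilege Escalation Vulnerability 8.8 Yes
CVE-2017-11827 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11847 Microsoft Windows Kernel Privilege Escalation Vulnerability 7 Yes
CVE-2017-11770 Microsoft ASP.NET Core Denial of Service Vulnerability 5.9
CVE-2017-11830 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11882 Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2017-11768 Microsoft Windows Media Player Information Disclosure Vulnerability 2.5
'@ -split "`r?`n"

function Get-CvssBand {
    param([double]$Score)
    # Bands exactly as the text defines them
    if ($Score -ge 7.0) { 'High' } elseif ($Score -ge 4.0) { 'Medium' } else { 'Low' }
}

function ConvertFrom-PatchRow {
    param([string]$Line)
    # CVE id, then a free-text title (lazy, so it stops before the score),
    # then the numeric score, then an optional trailing "Yes" in the Recommended column
    $pattern = '^(?<id>CVE-\d{4}-\d+)\s+(?<title>.+?)\s+(?<score>\d+(?:\.\d+)?)(?:\s+(?<rec>Yes))?\s*$'
    if ($Line -match $pattern) {
        $score = [double]$Matches.score
        [pscustomobject]@{
            Id          = $Matches.id
            Title       = $Matches.title
            Score       = $score
            Band        = Get-CvssBand $score
            Recommended = [bool]$Matches.rec   # $null when the group did not match -> $false
        }
    }
    else {
        Write-Warning "Unparsed row: $Line"
    }
}

$parsed = $rows | Where-Object { $_.Trim() } | ForEach-Object { ConvertFrom-PatchRow $_ }

# Work queue: High band first, then vendor-recommended items, then descending score
$parsed |
    Sort-Object @{ Expression = { $_.Band -eq 'High' }; Descending = $true },
                @{ Expression = 'Recommended';          Descending = $true },
                @{ Expression = 'Score';                Descending = $true } |
    Format-Table Id, Band, Score, Recommended, Title -AutoSize

# Per-band counts, useful for reporting coverage once the deployment task has run
$parsed | Group-Object Band | Select-Object Name, Count
```

Feed the full table (or a CSV export of it) into $rows and the same pipeline produces the complete queue; the banding function is the only place the thresholds live, so if an organisation rates on a different scale it changes one function rather than every row.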