Skip to main content
Monthly Archives

January 2018

|

“Insane Garbage” Patches Disrupt Devices

By NewsNo Comments

Intel Warns of Faulty Meltdown and Spectre Patches

If you thought the Meltdown and Spectre threat had passed, Intel has some bad news: don’t install their updates!

In a statement released by Intel, their EVP Neil Shenoy stated: “We recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment…they may introduce higher than expected reboots and other unpredictable system behavior.”

Users are not the only ones incredibly frustrated with Intel. Linus Torvalds, creator of Linux, expressed his displeasure with Intel.

They do literally insane things. I really don’t want to see these garbage patches just mindlessly sent out. I think we need something better than this garbage.

What You Should Do

The best approach, for now, is to monitor your systems with a comprehensive IT management solution. Keep an eye on the status of your environment by implementing a solution that can easily show you, through the console or reports, which devices are affected by these updates.

Syxsense has this capability, and more. Keep track of the status of your IT environment through detailed, easy to understand reports. If you decide you want to remove these disastrous patches, with Syxsense, you can roll them back in just a few clicks.

Find a better way to manage devices, start your trial with Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Verismic Announces Record-Breaking Growth of Syxsense

By NewsNo Comments

Major Growth and Market Adoption of Syxsense

Verismic, a global leader in cloud-based IT management technology, announces the rapid growth of Syxsense over the last 12 months. CMS has seen major progression in sales and functionality.

Syxsense grew rapidly in all markets, including the US, United Kingdom, Brazil and Australia. Syxsense’s year-over-year sales grew by 146% and its three-year compound annual growth rate (CAGR) is 122.9%.

Syxsense fueled its adoption rates by releasing additional features, such as support for Linux and MacOS. Syxsense provides IT departments with a single interface for automating discovery, inventory and patching of Windows, MacOs, Linux and third-party applications.

“Support for Linux and MacOS extends our ability to deliver on our vision of allowing Syxsense customers to manage everything, everywhere, all the time from the cloud” says president and CEO Ashley Leonard.

With recent high-profile IT security incidents like Equifax, businesses need to discover and manage all desktops, servers and cloud assets. Syxsense is on the frontline of IT security, allowing IT managers to quickly calculate the health status of each system, identify vulnerable computers and then patch all their applications, especially third-party applications.

“We’re proud of the success we’ve had with Syxsense,” says Leonard.“Our hope is a continued trend in growth for the product and the company.”

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Whitepaper: Top 5 Patch Mistakes

By Patch ManagementNo Comments

Avoiding Major Patch Pitfalls

With countless approaches to patch management, there are many misconceptions about the best strategy. After a year of global cyberattacks such as WannaCry and Petya, companies need to take every step against critical vulnerabilities and future outbreaks.

There is no excuse for delaying patching or taking major missteps when IT security is on the line. In many cases, heavily targeted vulnerabilities are addressed in previous patches, one of the many reasons it should be top priority.

A simple effective patch management strategy is the key to IT success. This doesn’t mean worrying about cyberattacks for a week every time something like WannaCry hits the press.

Patching should be a standard IT process to ensure your organization is always protected. Although many companies rely on auto-updates, our whitepaper explains why this can actually lead to more security holes.

This whitepaper breaks down the assumptions that many IT professionals have about managing their environment. When a future ransomware attack occurs, these mistakes could significantly contribute to the spread of malware.

When the next doomsday strikes, you should be completely bulletproof. With a critical patch management approach, you will always be prepared.

Start a Free Patch Management Trial

Syxsense protects your IT assets secure with a simple, predictive patch management solution. Automatically keep desktops, laptops and remote users up-to-date with security patches.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

Intel AMT Laptop Hack

By NewsNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

Hacked Within a Minute

Intel is dominating the cybersecurity headlines again for the wrong reasons.

F-Secure, a Finnish based cybersecurity firm, has reported their researchers discovered an easy manipulation of Intel Active Management Technology, or AMT, which bypasses the login processes. This behavior bug could allow anyone with physical access to your laptop to set up a backdoor in less than a minute.

It doesn’t require any code, nor does it appear as a noticeable change. With a short distraction or moment of inattention, your device could be set up as the gateway into the network it’s connected to.

The best way to mitigate this risk is to use a comprehensive management solution like Syxsense. CMS can manage any device, anytime, all from the cloud.

Within Syxsense, you can create queries to easily see selections of devices based on a multitude of criteria. For instance, if you wanted to see every Intel based laptop within your environment, it would only take a few clicks to do just that.

The device health indicator icons show you, at a glance, which devices require updates. Because these are color coded, you can also quickly see the severity of the updates needed.

As soon as Syxsense has an update from Intel, you’ll see a notification within your console. These alerts ensure you know when new updates arrive. There’s a better way to manager your environment. Get started today.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
||||

January Patch Tuesday: Spectre Patch Challenges

By News, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

Patch Priorities and Dealing with Spectre

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

This has been widely breaking the news over the past week known as Spectre. Should this be your number one priority?

Robert Brown, Director of Services for Verismic says, “The vector analysis of the vulnerability shows the exploitability score to be 1.1 out of 10, which is the independently assigned score detailing the type, ease and requirements needed by both users, technology and ‘chance’ in order for this vulnerability to be exposed.

The CVSS v3 score of 5.6 means this is in the High severity rating (Critical being the highest level) which means given the evidence of this independent review, the patch is important, but this should not be as important as establishing a routine patching process for your company.

Brown continued saying, “As of today, there are no known exploits in the wild impacting Intel, AMD and ARM devices. Please be clear, the software patches made available for operating systems, browsers and applications do not actually remove the vulnerability, they simply act as a bandage to reduce the likelihood an attacker will be successful.”

A real fix requires all CPU vendors to have kernel with countermeasures, such as microcode updates to be in place. Intel said that it would issue its own microcode updates to address the issue. Other vendors have said they are providing similar countermeasures.

Microsoft Patches for CPU Flaws Break Windows

Computers with AMD processors, particularly older Athlon models could potentially have issues where Windows is unable to start. Some users from the community have reported that after installing Microsoft’s update the operating system freezes during boot when the Windows logo is displayed.

Robert Brown, Director of Services for Verismic says, “Although we have not seen this issue ourselves, testing your patches before deployment is essential, if you need help with a patch management plan please download our free patching advice, Avoiding Patch Tuesday.”

[vc_single_image image=”13020″ img_size=”200×200 px”]

The Worst Passwords of 2017 Revealed

With everything in the news about Spectre and Meltdown, it seems less significant to discuss passwords. For the second year in a row, the most common passwords used in 2017 has been revealed as “123456.” Simple passwords provide the easiest form of remote user authentication to expose vulnerabilities within your environment, providing easier identify theft and company espionage.

With this in mind, simple passwords can be made more secure with two-factor authentication like we use with Syxsense.

All login attempts require a randomly generated code via email or Google authenticator before access to your systems is granted – however we always recommend our customers to use a hardened password as an additional security precaution.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

Microsoft addressed 32 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft Exchange, Microsoft Excel, Microsoft PowerPoint, and Microsoft SharePoint. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service condition.

We have chosen a few updates to prioritize this month, this recommendation has been made using evidence from industry experts (including our own) and anticipated business impact.

[vc_single_image image=”14043″ img_size=”full” alignment=”center”]
Vendor Name Title Vendor Severity Recommended
Microsoft Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4011579) Critical Yes
Microsoft 2018-01 Security Update for Adobe Flash Player for Windows Server 2016 for x64-based Systems (KB4056887) Critical Yes
Microsoft Security Update for Microsoft SharePoint Server 2010 (KB4011609) Critical Yes
Microsoft 2018-01 Cumulative Update for Windows Server 2016 (1709) for x64-based Systems (KB4056892) Critical Yes
Microsoft 2018-01 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4056890) Critical Yes
Microsoft 2018-01 Security Update for Adobe Flash Player for Windows Server 2016 for x64-based Systems (KB4056887) Critical Yes
Microsoft 2018-01 Security Update for Adobe Flash Player for Windows Server 2012 R2 for x64-based Systems (KB4056887) Moderate Yes 
Microsoft 2018-01 Security Update for Adobe Flash Player for Windows Server 2012 for x64-based Systems (KB4056887) Moderate  Yes
Microsoft 2018-01 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 for x64 (KB4055272) Important  
Microsoft Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4011599) Important  
Microsoft 2018-01 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055532) Important  
Microsoft 2018-01 Security and Quality Rollup for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB4055532) Important  
Microsoft 2018-01 Security Only Update for .NET Framework 2.0 and 3.0 on Windows Server 2008 SP2 for Itanium-based Systems (KB4055272) Important  
Microsoft 2018-01 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4055272) Important  
Microsoft 2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1 and Server 2012 R2 for x64 (KB4055271) Important  
Microsoft 2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Server 2012 for x64 (KB4055270) Important  
Microsoft 2018-01 Security Only Update for .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems (KB4055269) Important  
Microsoft 2018-01 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055269) Important  
Microsoft 2018-01 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 (KB4055267) Important  
Microsoft 2018-01 Security and Quality Rollup for .NET Framework 2.0 and 3.0 on Windows Server 2008 SP2 for Itanium-based Systems (KB4055267) Important  
Microsoft 2018-01 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 SP2 for x64 (KB4055267) Important  
Microsoft 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1 and Server 2012 R2 for x64 (KB4055266) Important  
Microsoft 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows Server 2012 for x64 (KB4055265) Important  
Microsoft Security Update for 2010 Microsoft Business Productivity Servers (KB3114998) Important  
Microsoft Security Update for Microsoft Office 2007 suites (KB4011201) Important  
Microsoft Security Update for Microsoft Office 2007 suites (KB4011656) Important  
Microsoft Security Update for Microsoft Office 2010 (KB4011610) 32-Bit Edition Important  
Microsoft Security Update for Microsoft Office 2010 (KB4011610) 64-Bit Edition Important  
Microsoft Security Update for Microsoft Office 2010 (KB4011611) 32-Bit Edition Important  
Microsoft Security Update for Microsoft Office 2010 (KB4011611) 64-Bit Edition Important  
Microsoft Security Update for Microsoft Office 2010 (KB4011658) 32-Bit Edition Important  
Microsoft Security Update for Microsoft Office 2010 (KB4011658) 64-Bit Edition Important  
Microsoft Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011605) Important  
Microsoft Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011607) Important  
Microsoft Security Update for Microsoft Office Excel 2007 (KB4011602) Important  
Microsoft Security Update for Microsoft Office Excel Viewer 2007 (KB4011606) Important  
Microsoft Security Update for Microsoft Office Outlook 2007 (KB4011213) Important  
Microsoft Security Update for Microsoft Office Word 2007 (KB4011657) Important  
[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL FO SYXSENSE[/dt_default_button]
|||

CPU Meltdown: Emergency Patching For Every Device

By NewsNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

Protect Yourself from the Worldwide ‘Meltdown’

Reports across the internet are confirming that every CPU since 1995, whether it’s Intel, AMD, ARM, or other, has a major security flaw.

According to Google’s Project Zero, and admissions by the CPU’s own manufactures, there is an issue with how chips handle speculative execution, allowing access to passwords and other sensitive data without leaving a trace.

The two attack vectors that researchers are concerned about are Meltdown and Spectre. It is not entirely certain if security products can even detect these malware. To be clear, there is no evidence of exploitation yet, but researchers are deeply worried. They pointed out that the attacks don’t leave any traces in traditional log files and they are unlikely to be detected by security products.

Attacks using this exploit can be launched against PCs, mobile devices, and servers. Any devices that have CPUs manufactured by Intel, AMD, and ARM are vulnerable. Which, in short, is almost every CPU based device in the world.

Developers are rushing to create updates that will close this vulnerability. It seems Windows and Mac have already slipped in updates that should help mitigate exposure to this vulnerability. But it is believed that Microsoft will release an update within their usual Patch Tuesday content, and that other companies will quickly follow.

We highly recommend Syxsense customers download the latest patch updates to their systems as soon as possible. The required updates are now available within our patch content.

If you aren’t already using Syxsense, ask yourself: Does my IT management tool give me access to the latest content? Does it provide the ability to distribute Microsoft and third party updates? Can you scan and target Windows, Mac, and Linux devices?’

With Syxsense, manage anything, anytime, all from the cloud. Start a trial today.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]
|

2018: Year of the IoT Hackers

By NewsNo Comments
[vc_single_image source=”featured_image” img_size=”full”]

What’s Coming in 2018?

As we reflect on 2017 and the massive amount of high-profile security breaches from the past year, we ask ‘what could 2018 possibly bring’?

This year we’ve had Equifax compromised, TeamViewer exploited, BitPaymer disrupting, and the worldwide-felt WannaCry attack. 2017 was a year of escalating ransomware and cybercrime.

But 2018 will bring a new form of exploit; the Internet of Things. With the IoT, companies will find that their number of vulnerable devices is exponentially larger than expected. More items within an environment are connected to the internet. From things like power-saving plugs to smart lightbulbs, offices are filled floor to ceiling with devices that need updates.

Hackers are already looking at these as a way into environments. Even though protections for conventional computers are getting more sophisticated, these other devices are going virtually forgotten. Any device that connects to the Wi-Fi is a potential security risk if left unpatched. It seems IT management tools have no answer for this onslaught of new vulnerabilities.

But Syxsense is preparing. In 2018, we will be revealing the next evolution in IT management. Our solution will be the first to discover and manage devices of the IoT.

With a rapid sweep of your network, CMS will be able to show you any device connected to your network. Then you will be able to manage that device with our resource-light patch and software deployments solution. Manage anything, anytime, all from the cloud. Learn more about managing the IoT with Syxsense.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]