Monthly Archives

May 2018


FBI Warns Again of New Hidden Cobra Strike


Hidden Cobra Strikes Again

US-CERT and the FBI have issued a new alert on cyber-attacks they attribute to North Korea. The alert covers the hacking operations dubbed "HIDDEN COBRA", which the United States charges were launched by Pyongyang. It did not identify specific victims, though it cited a February 2016 report from several security firms that blamed the same group for the 2014 cyberattack on Sony Pictures Entertainment.

The alert describes two pieces of malicious software used by HIDDEN COBRA: Brambul, a self-spreading worm that breaks into Windows machines by brute-forcing SMB (file-sharing) logins with a built-in list of passwords, and Joanap, a remote access tool.

Joanap gives the operators remote control of an infected host so they can steal data, install additional malware and run other tasks. HIDDEN COBRA has used Brambul and Joanap for several years with little change to either tool, and the alert dates the group's activity back to at least 2009, so the defenses that stop these tools (restricting SMB to where it is needed and blocking it at the network boundary, and enforcing strong, unique passwords) have been available for just as long.
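The SMB brute-forcing that Brambul relies on leaves a recognisable trail in the Windows Security log: many failed network logons (event 4625, logon type 3) from one source address against many different accounts. The script below is an added example written for this page, not part of the US-CERT alert or of any Syxsense tooling; the CSV column layout, the thresholds and the 10.0.0.x addresses are assumptions, and the sample events are constructed so the check can be run as-is.

```shell
#!/usr/bin/env bash
# Flag source addresses that fail many network logons against many accounts,
# the trail an SMB brute-force worm such as Brambul leaves in the Windows
# Security log. Input lines (constructed CSV layout, assumed here):
#   timestamp,event_id,logon_type,source_ip,target_account

# Print "source_ip failures distinct_accounts" for every source whose failed
# network logons (event 4625 with logon type 3) reach both thresholds.
smb_bruteforce_sources() {
    local min_failures=${1:-20} min_accounts=${2:-5}
    awk -F, -v minf="$min_failures" -v mina="$min_accounts" '
        # Keep only failed logons that arrived over the network (type 3), which
        # is how SMB authentication shows up; console/RDP failures are skipped.
        $2 == 4625 && $3 == 3 {
            fails[$4]++
            if (!seen[$4 SUBSEP $5]++) accounts[$4]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= minf && accounts[ip] >= mina)
                    printf "%s %d %d\n", ip, fails[ip], accounts[ip]
        }' | sort
}

# Constructed sample (not real telemetry): a worm at 10.0.0.77 sweeping six
# accounts, an admin at 10.0.0.5 mistyping one password, plus a success (4624)
# and an interactive failure (type 2) that must not count.
sample_events() {
    local i
    for ((i = 1; i <= 30; i++)); do
        printf '2018-05-29T02:%02d:00,4625,3,10.0.0.77,svc%d\n' "$i" "$((i % 6))"
    done
    printf '2018-05-29T08:01:00,4625,2,10.0.0.5,alice\n'
    printf '2018-05-29T08:01:10,4625,3,10.0.0.5,alice\n'
    printf '2018-05-29T08:01:20,4625,3,10.0.0.5,alice\n'
    printf '2018-05-29T08:02:00,4624,3,10.0.0.5,alice\n'
}

if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    sample_events | smb_bruteforce_sources          # 10.0.0.77 30 6
fi
```

Feed it an export of real 4625 events in the same column order and tune the two thresholds to the environment. A domain controller additionally records NTLM failures as event 4776, which this script does not read, and a worm that guesses one account slowly will need a lower account threshold and a time window rather than a flat count.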

Google Chrome ‘Out of Bounds’

Google has released Chrome 67 to the stable channel to provide various improvements, including patches for 34 vulnerabilities.

Of the 34 security fixes delivered in the new browser release, 24 are for vulnerabilities reported by external researchers. These include 9 flaws rated High, 12 rated Medium and the remaining 3 rated Low severity. The worst of them could allow an attacker to take control of an affected system.

Google also addressed an out-of-bounds memory access in PDFium, incorrect escaping of MathML in Blink, and password fields in Views that did not take advantage of the operating system's protections.

The first mitigation the US-CERT HIDDEN COBRA alert recommends is keeping operating systems and software up to date: "Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker."

How to Handle Software Updates

Syxsense is the solution for your patching needs. At a glance, you can easily tell which devices need updates. Our color-coded indicators tell you the severity and number of patches a device requires. Then it’s a few simple steps to set up an automated patch deployment. You can ensure no work is interrupted by scheduling patches to be deployed around business hours.

There’s a better way to manage patching. Come see how with a trial of Syxsense.

Third-Party Patch Updates

Below is a table of third-party updates from May 2018 (the CVSS column is left blank where the source lists no score):

Vendor | Category | Patch version and release notes | CVSS score
Adobe | Media software | Acrobat v11.0.23 – https://helpx.adobe.com/security/products/acrobat/apsb18-09.html | N/A
Adobe | Media software | Acrobat Reader v18.011.20040 – https://helpx.adobe.com/security/products/acrobat/apsb18-09.html | N/A
Adobe | Media software | Acrobat DC v18.011.20040 – https://helpx.adobe.com/security/products/acrobat/apsb18-09.html | N/A
Adobe | Media software | Flash Player ActiveX v29.0.0.171 – https://helpx.adobe.com/security/products/flash-player/apsb18-16.html | N/A
Adobe | Media software | Flash Player v29.0.0.171 – https://helpx.adobe.com/security/products/flash-player/apsb18-16.html | N/A
FileZilla | FTP solution | FileZilla v3.33 – https://filezilla-project.org/versions.php | N/A
GNOME Foundation | GIMP | GIMP v2.10.2 – https://www.gimp.org/release-notes/gimp-2.10.html |
Google | Browser | Chrome v67.0.3396.62 – https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html | N/A
KeePass | Password locker | KeePass v2.39.1 – https://keepass.info/news/n180506_2.39.html |
Malwarebytes | Antivirus | Malwarebytes v3.5.1.2522 – https://www.malwarebytes.com/support/releasehistory/ |
Mozilla | Browser and email application | Thunderbird v52.8.0 – https://www.thunderbird.net/en-US/thunderbird/52.8.0/releasenotes/ |
Mozilla | Browser and email application | Firefox v60.0.1 – https://www.mozilla.org/en-US/firefox/60.0/releasenotes/ |
Wireshark | Network protocol analyzer | Wireshark 2.6.1 – https://www.wireshark.org/docs/relnotes/wireshark-2.6.1.html | N/A
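To act on a table like this you have to compare what is installed against the listed versions, and a naive string comparison gets that wrong: "2.6.9" sorts after "2.6.10", and Adobe's zero-padded "18.011" is read as octal by shell arithmetic unless you force base 10. The bash script below is an added example for this page, not Syxsense code or any vendor's; the product keys and the comma-separated "host,product,version" inventory format are assumptions, and the sample inventory is constructed.

```shell
#!/usr/bin/env bash
# Check an inventory export against the May 2018 third-party baseline above
# and list the devices that are still behind. Versions are compared component
# by component as numbers, not as strings.

# Minimum versions taken from the table (product keys are this example's own).
declare -A BASELINE=(
    [acrobat]=11.0.23
    [acrobat-reader-dc]=18.011.20040
    [flash-player]=29.0.0.171
    [filezilla]=3.33
    [gimp]=2.10.2
    [chrome]=67.0.3396.62
    [keepass]=2.39.1
    [malwarebytes]=3.5.1.2522
    [thunderbird]=52.8.0
    [firefox]=60.0.1
    [wireshark]=2.6.1
)

# version_lt A B: succeed (exit 0) when A is older than B.
version_lt() {
    local -a a b
    local i x y
    IFS=. read -r -a a <<< "$1"
    IFS=. read -r -a b <<< "$2"
    for ((i = 0; i < ${#a[@]} || i < ${#b[@]}; i++)); do
        # Missing components count as 0 (3.33 == 3.33.0); 10# forces decimal
        # so Adobe's zero-padded "011" is not parsed as octal.
        x=$((10#${a[i]:-0}))
        y=$((10#${b[i]:-0}))
        (( x < y )) && return 0
        (( x > y )) && return 1
    done
    return 1
}

# Read "host,product,version" lines on stdin and print
# "host product installed required" for every installation older than its
# baseline. Products without a baseline entry are out of scope and skipped.
outdated_hosts() {
    local host product version required
    while IFS=, read -r host product version; do
        [ -n "$host" ] || continue
        required=${BASELINE[$product]:-}
        [ -n "$required" ] || continue
        if version_lt "$version" "$required"; then
            printf '%s %s %s %s\n' "$host" "$product" "$version" "$required"
        fi
    done
}

# Constructed inventory (not real data) for a stand-alone run.
sample_inventory() {
    cat <<'EOF'
ws01,chrome,66.0.3359.181
ws01,firefox,60.0.1
ws02,acrobat-reader-dc,18.009.20050
ws02,chrome,67.0.3396.62
ws03,keepass,2.39.1
ws03,7zip,18.05
ws04,wireshark,2.6.10
EOF
}

if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    sample_inventory | outdated_hosts
fi
```

Only ws01 (Chrome) and ws02 (Acrobat Reader DC) are reported: ws04's Wireshark 2.6.10 is newer than 2.6.1, which a string comparison would have flagged the wrong way round. Versions with non-numeric components (beta tags, build hashes) are not handled by version_lt and should be normalised before they reach it.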
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

‘Roll Back’ To The Future


Beware: Windows 10 Feature Updates are Double Work!

Windows 10 Feature Updates (Windows 10 servicing) will dominate the agenda of many IT managers as Microsoft uses its new release method to introduce new operating system experiences and security enhancements for its flagship operating system. These are scheduled for release every six months until the end of extended support in October 2025.

Before you start, be aware that each feature update is supported for only 18 months, which forces IT managers to roll out a newer one at least every 12 months to stay on a supported build. If you are still using Windows 10 version 1607, support has already ended.

Verismic recommends that IT managers plan each Windows 10 Feature Update as soon as it is publicly available. But beware: a feature update installs the build as it was released, so every patch or update deployed since that release date has to be redeployed to bring the system back up to date. After the upgrade, confirm that the OS build reported by winver (or the UBR value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion) matches the current cumulative update for that release rather than the build the installation media shipped with.

Robert Brown, Director of Services for Verismic, says, "IT managers spend a lot of time planning and deploying their Windows updates each month. They need to understand that after installing any Windows 10 Feature Update, they will effectively be rolled back in time to the date of that release. In the example in Fig. 1 below, if you apply 1803 next month, you will have to redeploy all updates since March; that could be over 40 updates per device. Use Syxsense to make redeployment far easier and more efficient."

Microsoft is giving IT Managers double the work, but Syxsense simplifies patching. Our Patch Manager quickly identifies any device in need of updates. Then a maintenance window can be created to deploy the updates after business hours, avoiding any loss in productivity.

Start a trial of Syxsense today.


FBI Warning: Reset Your Routers


FBI, DHS, and UK Authorities issue warning over VPNFilter

The FBI, DHS and UK authorities have issued a warning for the VPNFilter malware threat. According to Alert TA18-145A, there are concerns that actors will use VPNFilter to target routers and “collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic.”

Cisco researchers have indicated the following devices are known to be vulnerable:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

The warning instructs you to install any new firmware for your router and, after updating, to reset it. Even if you don't have one of the listed devices, it is recommended that you update and reset your router as well. Note the difference between a reboot and a reset: rebooting clears the stage 2 and stage 3 components of VPNFilter, but the stage 1 loader persists across reboots and can download them again, so a firmware update followed by a factory reset and reconfiguration is the reliable way to clean a device.

Also, as good practice and to protect yourself from reinfection, make sure your router's administration credentials are not left at the factory default, and disable remote (WAN-side) management unless you need it.

According to Cisco’s Talos, the VPNFilter malware is known to have already infected at least 500,000 network devices across 54 countries.

This clearly illustrates an important IT lesson: relying solely on your firewall for protection isn’t enough. Malware is becoming more sophisticated and actors are looking for any way into your environment.

What to do:

IT departments need to keep firmware up to date, but also keep patching regularly. Use a patching solution like Syxsense to ensure you never have a lapse in important updates. Syxsense detects which devices need updates and the severity of those updates; you can then schedule a time frame in which to automatically deploy them, so every device is secured without interrupting business hours.

Check out a better way to manage your environment. Start a trial with Syxsense


The Rapid Rise of the IoT


The IoT is Here to Stay: Risks Included

Research from Metova has revealed the current scale of smart product adoption in the United States.  According to Metova, 90 percent of U.S users now own some form of smart device.

This shows the IoT has truly reached mass adoption across the country. This also presents inherent risks to everyone connected to the Internet of Things. At this scale of growth, taking action to manage the IoT is critical and urgent.

Other observations include:

  • Over 90% surveyed have made a purchase of a connected home device.
  • Nearly 70% already have a voice-controlled system such as an Amazon Alexa or Google Home.
  • 58 percent of people who own a connected home device are concerned about how it may affect their privacy.
  • 74% of respondents think connected home devices are the wave of the future.
  • Over 30% who do not have a connected home device plan to make a purchase within the year.

Manage the IoT

Robert Brown, Director of Services for Verismic, said, "As our ownership of smart technology expands, there will come a moment in time when you will no longer have instant knowledge of the devices in your home or office which could be used to expose critical vulnerabilities, breach your network or steal your identity."

Syxsense will give you a simple view of all of the IoT devices in your home or office, and provide you the information you need to keep yourself better protected.


Red Hat Vulnerabilities Exposed


Red Hat Linux DHCP Client Vulnerability

Red Hat has been made aware of two flaws in the way exceptions raised after the POP SS and MOV to SS instructions are handled: CVE-2018-8897 in the Linux kernel and CVE-2018-1087 in the KVM hypervisor.

These issues could lead to a denial of service (DoS) on unpatched systems and, for the KVM flaw, possible privilege escalation inside a guest.

A third, separate flaw, CVE-2018-1111 in the DHCP client, could allow attackers to execute arbitrary commands with root privileges on targeted systems. It is a command-injection bug in the NetworkManager dispatcher script shipped with the dhclient package: option values from a DHCP response are turned into shell code with eval, so a malicious DHCP server, or anyone on the local network who can spoof DHCP responses, gets root on systems that use NetworkManager and obtain their configuration via DHCP. CVE-2018-1111 is rated Critical and we recommend our clients deploy this update as quickly as possible.

The following Red Hat product versions are impacted:

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux Atomic Host
  • Red Hat Enterprise MRG 2
  • Red Hat Virtualization Hypervisor 4
  • Red Hat Enterprise Virtualization Hypervisor 3

Patch Everything

All of the above are available to be patched using Syxsense. It’s critical to take action immediately to protect against these critical vulnerabilities.

Linux software vulnerabilities have long featured on the SANS Institute and FBI lists of the most critical vulnerabilities. Syxsense provides true network security, including Linux OS patching. Manage every threat with the click of a button.


Microsoft Fixes Two Zero-Day Exploits


Two Zero-Day Exploits Resolved

Microsoft has patched two zero-day vulnerabilities that were being actively exploited in the wild. Microsoft credited Qihoo 360 and Kaspersky Lab with reporting the first of them, CVE-2018-8174.

Both companies say the flaw has been exploited in targeted attacks, but neither has published details of those attacks.

Double Kill IE 0-day Vulnerability

CVE-2018-8174, under active attack, is a critical remote code execution vulnerability in the Windows VBScript engine. It was disclosed by the Chinese security firm Qihoo 360 last month and affects all supported versions of Windows.

Dubbed "Double Kill" by the researchers, the vulnerability requires prompt attention because it could allow an attacker to take control of an affected system remotely. The malicious script can be delivered in several ways, such as a compromised website or a malicious Office document that embeds a web page rendered by the Internet Explorer engine.

Win32k Elevation of Privilege Vulnerability

CVE-2018-8120, also patched this month, is a privilege-escalation flaw in the Win32k component of Windows, which fails to properly handle objects in memory.

The vulnerability is rated “important,” and only affects Windows 7, Windows Server 2008 and Windows Server 2008 R2. The issue has actively been exploited by threat actors, but Microsoft did not provide any detail about the in-the-wild exploits.


May Patch Tuesday: Major Windows 10 Updates


Logitech IoT Harmony Hub Fixes Several Security Flaws

Harmony Hub-based products (Harmony Elite, Home Hub, Ultimate Hub, Home Control, Pro, Smart Control, Smart Keyboard, Ultimate Home and Harmony Hub) are potentially affected by four vulnerabilities that can be chained to gain root access to a device via SSH.

Harmony Hub is used by thousands of customers to control smart locks and thermostats within their homes and offices.

Robert Brown, Director of Services for Verismic said, “Opening your front door to your home or office using a security flaw is usually reserved for Hollywood films. As Internet of Things technology evolves, it’s not just Windows or third-party software you need to patch, you will soon need to patch your home thermostat or smart camera. If you are having trouble identifying your IoT devices in your home or office, start a trial of Syxsense today.”

Lenovo Code Execution Flaw Revealed

On Friday, May 4, Lenovo announced two flaws affecting its popular ThinkPad line and System x servers. One is an authentication flaw in the Secure Boot process; the other allows arbitrary code execution. As a result, an attacker with physical access to the system could boot unsigned, malicious code on the device, which could deliver an attack or infect the system. We are not aware of any exploits currently being used in the wild, but we recommend our clients update their systems urgently.

SmartCam Cameras – Unauthorized Remote Viewing

Kaspersky’s ICS-CERT team has conducted its research on Hanwha SNH-V6410PN/PNW SmartCam devices, but the same firmware is used for multiple camera models — different features in the firmware are active depending on the model — which means many of the company’s products are likely affected by these vulnerabilities.

Researchers have analyzed these devices and discovered a significant number of flaws. One of the flaws found by Kaspersky can be exploited to register cameras that have yet to be registered. This not only prevents legitimate owners from registering and using their cameras, but also allows hackers to take control of the cameras they have registered.


Patch Tuesday Release

This May’s Patch Tuesday has quite a few Microsoft fixes for both the OS and browser. In total, 67 unique CVEs are addressed in 17 KB articles, with 21 CVEs marked Critical. 32 of these CVEs reference Remote Code Execution, 19 of which are Critical.

Adobe has patched several vulnerabilities in its Flash Player, Creative Cloud and Connect products, but the company believes it’s unlikely that the flaws will be exploited in the wild any time soon.

Vendor | Severity | Title
Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1803 for ARM64-based Systems (KB4103729)
Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1803 for x86-based Systems (KB4103729)
Microsoft | Critical | Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB4103768)
Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4103721)
Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x86-based Systems (KB4103729)
Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4103729)
Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1709 for ARM64-based Systems (KB4103729)
Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x86-based Systems (KB4103729)
Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x64-based Systems (KB4103729)
Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x64-based Systems (KB4103729)
Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x86-based Systems (KB4103729)
Microsoft | Critical | 2018-05 Security Only Quality Update for Windows 7 for x64-based Systems (KB4103712)
Microsoft | Critical | 2018-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4103718)
Microsoft | Critical | 2018-05 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4103718)
Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4103721)
Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4103727)
Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4103727)
Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1803 for ARM64-based Systems (KB4103721)
Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1709 for ARM64-based Systems (KB4103727)
Microsoft | Critical | 2018-05 Security Only Quality Update for Windows 7 for x86-based Systems (KB4103712)
Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1803 for x64-based Systems (KB4103729)

Windows Containers Opened: Microsoft Issues Emergency Patch


Microsoft Releases Critical Update

Unusually, Microsoft has released a critical update ahead of Patch Tuesday. The patch addresses a vulnerability in the Windows Host Compute Service Shim (hcsshim) library, which Docker and other container tooling use to manage Windows containers.

The flaw was found by Swiss security researcher Michael Hanselmann. According to the security update for CVE-2018-8115, "a remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image."

In practice, an attacker who can get a crafted container image imported on a host could execute code on the host operating system. Microsoft rates exploitation as unlikely.

When it comes to holes in your security, it is better to be safe than sorry. The fix is a new release of the hcsshim library rather than a regular Windows update, so make sure every Windows host that runs container tooling picks up the updated library.

Utilizing Syxsense can make such a deployment a breeze. Simply scan your networks for any device running Windows. Then create a maintenance window to deploy the update after business hours. Syxsense can even email you once the task has been completed.

Don’t be caught unprepared and start your free trial of Syxsense today.


Oracle Doesn’t Predict WebLogic Flaw


Oracle WebLogic Flaw Opens Door to Hackers

In early April, Oracle released a fix for a vulnerability in WebLogic Server (CVE-2018-2628, a deserialization flaw reachable through the server's T3 protocol listener). At the time that seemed to be the end of it, but a researcher claiming to be part of Alibaba's security team has since published a bypass for the patch.

There are also indications that attackers are targeting these servers again: monitoring groups have observed a large spike in hosts scanning for TCP port 7001, the default WebLogic listener port on which the T3 protocol is served. Until Oracle ships a fix for the bypass, the practical mitigation is to stop exposing the T3 listener to untrusted networks; a WebLogic connection filter can restrict t3 and t3s to known addresses.

Affected versions of WebLogic Server: 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3.

To ensure your devices are up to date, implement a patch manager that will eliminate the burden of constant software updates.

Syxsense will scan your devices to determine which need updates. Then a task can be set up that will deploy the patches around working hours.

Start your trial of Syxsense today. Manage your devices inside or outside your network from the cloud without software to download and nothing to install.


Spectre Still Haunts Microsoft and Intel


Living in the Shadow of Spectre

After fumbling its first attempt at patching the Spectre vulnerability, Microsoft has released security update KB4078407.

According to its security advisory, "applying this update will enable the Spectre Variant 2 mitigation CVE-2017-5715 – Branch target injection vulnerability."

Microsoft has released several rounds of updates in an attempt to deal with Spectre. In March, Microsoft addressed Windows systems running on Intel Skylake, Coffee Lake and Kaby Lake CPUs. It then followed up with updates for Broadwell and Haswell processors, as well as updates for Windows 7 and Windows Server 2008 R2.

To ensure the security, and now stability, of devices with the affected processors, these updates need to be deployed.

Syxsense can simplify such a task. Our Patch Manager quickly identifies any device in need of updates. Then a maintenance window can be created to deploy the updates around business hours, avoiding any loss in productivity.

Don’t let the ghost of Spectre haunt your security. Start a trial of Syxsense today.
