Skip to main content
Monthly Archives

June 2018

|||

Third-Party Patch Update: June 2018

By NewsNo Comments

Third Party Software Updates: June 2018

Roku TV & Sonos IoT devices, which are widely used in businesses that handle sensitive consumer data, such as credit card number and health records, are vulnerable to DNS hacking. These two IoT devices are frequently installed within fast casual dining, medical and dentist businesses.

These devices can be exploited thanks to two common IoT issues; IoT devices do not require authentication for connections received on a local network and because HTTP is more prevalent to control embedded devices.

These vulnerabilities could enable anyone to “virtually map” your network, which has much wider consequences such as DoS (Denial of Service) to your most critical infrastructure, disrupting your end user experience or potentially planning much more sophisticated cyber warfare.

Just imagine what could happen if a hacker could learn the OS host name & IP information for all your servers.

Both Roku and Sonos are actively working to resolve these issues, but updates will be necessary to secure your devices.

Start a trial with Syxsense and see if these devices are in your network.

Third-Party Patch Updates

Below is a table of third-party updates from June 2018: 

Vendor Category Patch Version and Release Notes: CVSS SCORE
Adobe Media Software  

AIR: v30.0.0.107 – https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html

 

Flash Player: v30.0.0.113 – https://helpx.adobe.com/security/products/flash-player/apsb18-19.html

 

N/A
Citrix  

Citrix Receiver: v4.12 – https://docs.citrix.com/en-us/receiver/windows/current-release.html

 

Evernote  

Evernote: v6.13.13.7425 –

 

FileZilla FTP Solution  

FileZilla: v3.34 – https://filezilla-project.org/versions.php

 

N/A
Google Browser  

Chrome: v67.0.3396.99 – https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-chrome-os_26.html

 

N/A
 

Malwarebytes

Antivirus  

Malwarebytes: v3.5.1.2522 – https://www.malwarebytes.com/support/releasehistory/

 

Mozilla Browser and Email Application  

Firefox: v60.0.2 – https://www.mozilla.org/en-US/firefox/60.0.2/releasenotes/

 

Peter Pawlowski Audio Player  

Foobar2000: v1.4 – https://www.foobar2000.org/changelog

 

Uvnc bvba Remote Access Tool  

UltraVNC: v1.2.2.1

 

WinSCP SFTP, SCP, and FTP client  

WinSCP: v5.13.3 – https://winscp.net/eng/docs/history

 

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||||

Ransomware in 2018 Has New Leverage

By NewsNo Comments

Ransomware’s Unexpected Ally: GDPR

While the intentions of GDPR are positive, analysts are predicting an unintended side effect. Actors using ransomware to extort companies could use GDPR as leverage.

With the strict requirements to stay within GDPR compliance, actors can put pressure on victims to pay out as quickly as possible.

In addition, because GDPR requires the reporting of a cyber breach, reputations will be immediately damaged regardless of how the event turns out. Such reputational damage can cost entities significantly.

Insurance claims are the aftershock of ransomware

In 2017, the UK supermarket chain Morrisons faced a lawsuit regarding compromised data. Those persons who had their data compromised sought compensation, and were granted it by the court. This ruling sets the stage for any number of similar cases of people seeking damages from having their data stolen.

After having already dealt with the costs of fixing the breach and reputational damage, the ransomware event bites back again with these new costs.

The IoT is the next cyber-crime minefield

While not getting the attention it deserves, IoT ransomware attacks are on the rise. In addition, IoT devices are getting smarter, more pervasive, and starting to collect valuable data. This is an already vulnerable field that is only getting more dangerous.

Companies need to get an understanding on just how many IoT devices they have in their networks. Security can’t be maintained if it’s unclear what could be vulnerable.

The bottom line is this: cybercrime costs continue to increase rapidly and are expected to hit $2 trillion in 2019. What will you do to prepare your systems?

Syxsense is prepared to address the threats of today and tomorrow. With our Patch Manager, you can easily identify vulnerable devices and patch them immediately.

Our discovery feature can also show you just how many IoT devices sit inside your networks. With a clear picture of your environment, you can implement a solid protection strategy.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Cortana Exploited to Hack Windows 10 PCs

By NewsNo Comments

Cortana Stealing Windows 10 Passwords & Photos

Cortana, Microsoft’s AI-based smart assistant, could help attackers unlock your system password. As one of their flagship features, Cortana comes built into every version of Windows 10.

Publicly known as CVE-2018-8140, this vulnerability has been given a severity rating of Important by Microsoft. Normally something this invasive would be rated as critical, but, in this case, physical access to the device is needed. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions.

With the latest patch Tuesday release, Microsoft has pushed an update to address this easily exploitable vulnerability in Cortana. It’s also recommended that you disable Cortana on the lock screen of your devices.

As with every Patch Tuesday release, Syxsense is prepared to simplify your patch deployment. Our device health indicators visually show which devices need updates. Then you can easily target the vulnerable devices and deploy the needed patches.

Discover a better way to update your devices. Start a trial with Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

Critical Flaws in Global Security Cameras

By NewsNo Comments

Global Security Infrastructure Exposed

Axis Communications, the global market leader for IP enabled security cameras, has confirmed there are seven major vulnerabilities in 400 of its security camera models.

Axis’ cameras are frequently used as part of critical security infrastructure in places like the Sydney Airport, Moscow Metro and the City of Houston.

Exploitation of these vulnerabilities would allow malicious actors to gain complete control of the camera and its video stream.

Remotely targeting the device, someone could do such things as view the video stream, freeze the video, control the direction of the camera, add the device to a botnet, modify the software, and other actions that could destroy security.

It’s important to keep track of what devices are within your environment. But can your IT tool detect IoT devices? With Syxsense, you get the full picture of your environments. Not only can CMS detect PCs, Macs, and Linux devices, but it can detect any device with an IP address.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||

June Patch Tuesday: Summer Storm

By News, Patch TuesdayNo Comments

Microsoft Releases 50 Updates

For June Patch Tuesday, Microsoft has released a massive 50-update rollup that affects every version of Windows still in support. Included are fixes for the Windows OS, Internet Explorer, Microsoft Edge, the ChakraCore JavaScript engine, Microsoft Office and Microsoft Office Services, and Web Apps.

If you are using Windows 10, this latest cumulative update also comes with other quality improvements, including a fix for an issue that caused PCs to boot to a black screen. If you’ve had issues with brightness controls on your laptop, Microsoft recommends you apply this latest update as well.

Robert Brown, Director of Services for Verismic says, “Windows 10 cumulative updates are a huge benefit for IT Managers who need to update their systems as quickly as possible. However, there is a disadvantage  that comes in the form of additional testing. You cannot separate the cumulative updates so you need to be sure when you start deploying that it’s fully tested.

Even the smaller updates like the screen brightness issue above can cause huge disruption for your employees. Using Syxsense can make that process more efficient as you can schedule those test deployments from a single internet browser.  If any update is seen to cause an issue, you can easily omit that update until a fix is provided.”

Urgent Update for Google Chrome & Mozilla Firefox

Google has released Chrome version 67.0.3396.79 for Windows, Mac, and Linux. Thanks to work by security researcher Michal Bentkowski, Google was made aware of, and patched, this high severity vulnerability. While details are limited, the vulnerability seems to be an issue with handling CSP header that could lead to an attacker gaining control of the targeted device.

Mozilla has also released security updates to address critical vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system.

Start a free trial of Syxsense to enhance your patch strategy with more efficiency and simplicity today.

Patch Tuesday Release

Vendor Name Vendor Severity Title
Microsoft Critical 2018-06 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4284826)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4284880)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4284880)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4284874)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1703 for x86-based Systems (KB4284874)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1709 for ARM64-based Systems (KB4284819)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4284819)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4284819)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1803 for ARM64-based Systems (KB4284835)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1803 for ARM64-based Systems (KB4284835)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4284835)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4284835)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4284835)
Microsoft Critical 2018-06 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4284835)
Microsoft Critical 2018-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4284826)
Microsoft Critical 2018-06 Security Only Quality Update for Windows 7 for x64-based Systems (KB4284867)
Microsoft Critical 2018-06 Security Only Quality Update for Windows 7 for x86-based Systems (KB4284867)
Microsoft Critical Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB4230450)
Microsoft Critical Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB4230450)
Microsoft Important Security Update for Microsoft Excel 2010 (KB4022209) 32-Bit Edition
Microsoft Important Security Update for Microsoft Excel 2010 (KB4022209) 64-Bit Edition
Microsoft Important Security Update for Microsoft Excel 2013 (KB4022191) 32-Bit Edition
Microsoft Important Security Update for Microsoft Excel 2013 (KB4022191) 64-Bit Edition
Microsoft Important Security Update for Microsoft Excel 2016 (KB4022174) 32-Bit Edition
Microsoft Important Security Update for Microsoft Excel 2016 (KB4022174) 64-Bit Edition
Microsoft Important Security Update for Microsoft Office 2010 (KB4022199) 32-Bit Edition
Microsoft Important Security Update for Microsoft Office 2010 (KB4022199) 64-Bit Edition
Microsoft Important Security Update for Microsoft Office 2013 (KB4022182) 32-Bit Edition
Microsoft Important Security Update for Microsoft Office 2013 (KB4022182) 64-Bit Edition
Microsoft Important Security Update for Microsoft Office 2016 (KB4022177) 32-Bit Edition
Microsoft Important Security Update for Microsoft Office 2016 (KB4022177) 64-Bit Edition
Microsoft Important Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4022196)
Microsoft Important Security Update for Microsoft Office Excel Viewer 2007 (KB4022151)
Microsoft Important Security Update for Microsoft Outlook 2010 (KB4022205) 32-Bit Edition
Microsoft Important Security Update for Microsoft Outlook 2010 (KB4022205) 64-Bit Edition
Microsoft Important Security Update for Microsoft Outlook 2013 (KB4022169) 32-Bit Edition
Microsoft Important Security Update for Microsoft Outlook 2013 (KB4022169) 64-Bit Edition
Microsoft Important Security Update for Microsoft Outlook 2016 (KB4022160) 32-Bit Edition
Microsoft Important Security Update for Microsoft Outlook 2016 (KB4022160) 64-Bit Edition
Microsoft Important Security Update for Microsoft Publisher 2010 (KB4011186) 32-Bit Edition
Microsoft Important Security Update for Microsoft Publisher 2010 (KB4011186) 64-Bit Edition
Microsoft Important Security Update for Microsoft SharePoint Foundation 2013 (KB4022190)
Microsoft None Security Update for Microsoft Office 2010 (KB3115197) 32-Bit Edition
Microsoft None Security Update for Microsoft Office 2010 (KB3115197) 64-Bit Edition
Microsoft None Security Update for Microsoft Office 2010 (KB3115248) 32-Bit Edition
Microsoft None Security Update for Microsoft Office 2010 (KB3115248) 64-Bit Edition
Microsoft None Security Update for Microsoft Office 2013 (KB4018387) 32-Bit Edition
Microsoft None Security Update for Microsoft Office 2013 (KB4018387) 64-Bit Edition
Microsoft None Security Update for Microsoft Web Applications (KB4022203)
Microsoft None Update for Windows Defender Antivirus antimalware platform – KB4052623 (Version 4.18.1806.18062)
Microsoft None Windows Malicious Software Removal tool – June 2018 (KB890830)
Microsoft None Windows Malicious Software Removal Tool – June 2018 (KB890830)
Microsoft None Windows Malicious Software Removal Tool x64 – June 2018 (KB890830)
Microsoft None Windows Malicious Software Removal Tool x64 – June 2018 (KB890830)
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

Flash Alert: Zero-Day Update

By NewsNo Comments

Adobe Issues Patch for Flash Player Zero-Day Exploit

Adobe has released a critical update for Flash. This zero-day vulnerability is, on a limited basis, being exploited in the wild.

According to the Adobe Security Bulletin, “These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.”

It seems the end of Flash is going to be much like its history; filled with critical exploits. Rather than update Flash, it’s being recommend that you simply remove it. Starting in 2019, Flash will be disabled by default and has an end-of-life target of 2020. Don’t wait for yet another critical vulnerability to begin the rollback process.

It’s Time to Remove Flash

Syxsense makes it simple to uninstall software. With a quick scan, you can discover every device that has Flash. After going through our straight-forward software deployment task manager, simply select ‘uninstall’ instead of ‘install’. The task will run and remove the software from every targeted device.

It’s time to say goodbye to Flash. See how painless it could be with a trial of Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

100 Million IoT Devices Exposed

By NewsNo Comments

Z-Wave IoT Devices Exposed

Z-Wave, a protocol primarily used for home automation, is vulnerable to security downgrade attacks.

According to the Z-Wave Alliance, an organization dedicated to advancing Z-Wave, the protocol is currently used by 700 companies in over 2,400 IoT and smart products. It is estimated that over 100 Million IoT devices are affected.

It turns out that a variant of this downgrade attack was discovered last year by cybersecurity consulting firm SensePost, but the vendor told experts at the time that the risk was being mitigated by users being notified when additional pairing of devices were established.

Manage the IoT

Syxsense will give you a simple view of all of the IoT devices and provide you the information you need to keep yourself better protected. Sign up for a free trial today to get started.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

Microsoft Zero-Day for JScript

By News, Patch TuesdayNo Comments

Remote Code Execution Vulnerability Disclosed

Researchers at Telspace Systems have advised they have found a Zero Day exploit, but no fix is yet available. The release date has been estimated to be in the July 2018 Patch Tuesday, however we will let you know when a fix is announced.

The issue lies in Microsoft’s ECMAScript standard – its JScript component used in Internet Explorer. In this case, JScript is implemented as an active scripting engine.

The flaw could allow code execution within a sandboxed environment which usually is protected from access. An attacker can then leverage the vulnerability to execute code under the context of the current process.

How to Patch More Efficiently

Syxsense is the solution for your patching needs. At a glance, you can easily tell which devices need updates. Our color-coded indicators tell you the severity and number of patches a device requires. Then it’s a few simple steps to set up an automated patch deployment. You can ensure no work is interrupted by scheduling patches to be deployed around business hours.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo