Monthly Archives

April 2019


Mayday! Windows May 2019 Update Will Be A Struggle for Small Disks

Posted in: News

The May release of 1903 is blocking updates on PCs that use USB storage or SD cards.

As we reported back in January, the May release of 1903 will permanently reserve 7GB of disk space. It is also blocking updates on PCs that use USB storage or SD cards. While this will avoid out-of-disk errors and inappropriate drive reassignment when updating, it represents a substantial reduction in usable space on low-storage systems.

Previously, Microsoft would use the release of a new operating system to bump the minimum hardware requirements that the software needs. 32-bit Windows had a minimum storage requirement of 16GB, and 64-bit Windows needed 20GB. Both of these were extremely tight, leaving little breathing room for actual software, but technically this was enough space for everything to work. That minimum has now been bumped up: it’s 32GB for both 32- and 64-bit versions of Windows.

The following error message will be shown for Windows 10 users where the May 2019 Update has been blocked because of problematic external USB storage devices or SD cards.

If you see this message, just remove the external USB or SD media and restart the update.

For the permanently reserved 7GB of disk space, there are still unknowns about how this will work. For instance, will this reserved storage space be manageable through group policies?

This change leaves IT with an important question: do all Windows devices have the necessary space to meet this new demand? To avoid visiting every single device and noting its current storage space, use an IT solution with comprehensive inventory information.
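The three conditions described above (the 32GB minimum, the 7GB reservation and the block on attached USB or SD media) can be checked locally on a Windows 10 device. The following is an added example, not code from the original post or from Microsoft; the function name, the 5% tolerance on nominal capacity and the output fields are assumptions.

```powershell
# Added example: report whether this device meets the storage conditions
# the article describes for the Windows 10 May 2019 Update (1903).
function Test-FeatureUpdateReadiness {
    [CmdletBinding()]
    param(
        # Minimum device storage stated in the article, in decimal GB.
        [double]$MinimumStorageGB = 32,
        # Space the article says 1903 permanently reserves, in decimal GB.
        [double]$ReservedGB = 7,
        # Assumption: drives sold as "32GB" report slightly less, so allow 5%.
        [double]$Tolerance = 0.05
    )

    # Locate the physical disk that holds the system volume.
    $letter    = $env:SystemDrive.TrimEnd(':')
    $volume    = Get-Volume -DriveLetter $letter
    $partition = Get-Partition -DriveLetter $letter
    $sysDisk   = Get-Disk -Number $partition.DiskNumber

    # USB- or SD-attached disks other than the system disk itself.
    # Some tablets boot from SD/eMMC, so the system disk is excluded.
    $external = @(Get-Disk | Where-Object {
        $_.Number -ne $sysDisk.Number -and
        $_.Size -gt 0 -and
        ($_.BusType -eq 'USB' -or $_.BusType -eq 'SD')
    })

    $diskGB = [math]::Round($sysDisk.Size / 1e9, 1)
    $freeGB = [math]::Round($volume.SizeRemaining / 1e9, 1)
    $needed = $MinimumStorageGB * 1e9 * (1 - $Tolerance)

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        SystemDiskGB           = $diskGB
        MeetsMinimumStorage    = ($sysDisk.Size -ge $needed)
        FreeGB                 = $freeGB
        # Rough estimate of what is left once the 7GB reservation is taken.
        FreeAfterReserveGB     = [math]::Round($freeGB - $ReservedGB, 1)
        ExternalMedia          = ($external | ForEach-Object { $_.FriendlyName }) -join '; '
        # The article says attached USB/SD media blocks the update.
        BlockedByExternalMedia = ($external.Count -gt 0)
    }
}

Test-FeatureUpdateReadiness
```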

Syxsense displays current data from your devices. Looking at the free disk space information, there will be no question as to which devices have enough space to handle this new Windows function.

Start a trial of Syxsense and all of its features before Windows rolls out its next update.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

How Forgotten Legacy Systems Could Be Your Downfall

Posted in: Patch Management

Legacy systems present a major security risk as attackers continue to target vulnerabilities on these devices.

This article originally appeared in Infosecurity Magazine

Some companies simply swear by the adage, “If it ain’t broke, don’t fix it” and continue to run workstations and servers on legacy systems.

Take the case of the world’s most popular operating system (OS) – Windows. According to NetMarketShare, Windows 10, Microsoft’s latest iteration of the OS for workstations, has finally surpassed Windows 7 as the leading OS. Globally, Windows 10 now has a market share of 40.30% compared to Windows 7’s 38.41% as of February 2019.

Interestingly, Windows 10 only edged out Windows 7 at the tail end of 2018 despite being on the market since 2015. Users typically cite Windows 7’s dependability as a key reason for its longevity. Yet it is a bit surprising that users still stick to the aging OS. Windows 10 is arguably just as, if not more, dependable.

Windows 7 compatibility is now becoming an issue as new software and hardware are now designed to work only with newer operating systems. Computers with newer processors will not be able to use OS versions older than Windows 10.

What’s even more remarkable is that Windows 7’s market share still translates to millions of computers around the world. Users continue to put faith in the OS even if mainstream support ended back in 2015. Microsoft’s extended support for Windows 7 will also only be until January 2020 and when this happens, the OS will stop receiving free security updates or support. Only Professional and Enterprise license holders will have the option to get paid support until 2023.

Why Legacy Creates Risks

Unfortunately, this continued use of legacy systems presents a major security risk as developers tend to focus on actively providing support for their latest versions. So, any vulnerability discovered or disclosed in these older systems may not be fixed or addressed, leaving them vulnerable to attack.

Attackers typically focus on these vulnerabilities in widely used legacy systems. For example, one of the reasons the WannaCry ransomware outbreak crippled a number of companies was their use of legacy systems.

In the case of the NHS, the ransomware infected endpoints running on Windows XP which were specifically vulnerable due to unpatched flaws. This ultimately compelled Microsoft to roll out a special patch for the 3.34% of computers that still ran on the “dead” OS. This was quite an odd case since extended support for Windows XP ended way back in 2014.

Companies’ lackadaisical attitude towards upgrading and updating legacy systems is also to blame. An RSA Conference survey revealed that less than half of companies patch vulnerabilities once they are publicized. Some even wait weeks or months before acting on security bulletins.

What to Do

Companies would do well to patch the potential security vulnerabilities, given the dire consequences of falling victim to a cyber-attack. Legacy systems and other system and software vulnerabilities should be carefully analyzed and addressed, and IT teams should commit to the following:

Create a comprehensive inventory – IT teams should perform a complete inventory of all devices including the hardware, OS, and software specifications of each endpoint. Companies must know how many devices actually run on aging systems or load legacy software since they could all become vulnerable once developer support ends.

Invest in upgrades – Many might not see the benefit of upgrading, especially if the legacy systems still work for their purposes. However, the reality is that part of what users pay for in new software versions is the active support that developers provide. If cost is an issue, they could weigh the security risks against the benefit of support. Besides, developers often offer discounts on upgrades to existing customers.

Invest in extended support – As an alternative, companies could also look into acquiring extended support from their vendors. Some developers provide service level agreements (SLAs) to their legacy users. However, this must be carefully weighed against the benefits of having mainstream support.

Deploy patches promptly – Companies must stay on top of security bulletins and patch their systems accordingly. IT teams can also use management platforms to automatically deploy patches to affected endpoints as soon as fixes are released.

Why Upgrading is a Precaution

Attackers waste no time in targeting potential victims. Many security threats are now automated, with hackers using bots and scripts to scan and attack vulnerable endpoints. As such, users have to keep their infrastructures secure at all times.

Due to the lack of active support, legacy systems are among the most vulnerable to such attacks. Companies should be mindful of these security risks and commit to making the proper investment to upgrade their systems.


Sophos and Windows 7 Updates Incompatible

Posted in: News, Patch Management

Reports indicate Sophos Endpoint Antivirus is incompatible with the latest updates for Windows 7, causing a total crash on the log on screen or BSOD.

Sophos Endpoint Antivirus is a hybrid antivirus solution that provides businesses with protection against malware and viruses and offers a remote management tool. Regrettably, there are reports that it is not compatible with the latest Windows updates for Windows 7, causing either a total crash on the logon screen or a BSOD.

The issue occurs with the following Microsoft updates:
  • KB4493446
  • KB4493448
  • KB4493450
  • KB4493451
  • KB4493458
  • KB4493467
  • KB4493471
  • KB4493472

Robert Brown, Director of Services for Verismic, said, “We have learned Sophos recommends immediately removing these updates from your active deployments, and if already deployed to remove them swiftly until the issue is resolved. A patch is not yet available, but to make things easier our customers can search for these updates in Syxsense and easily remove them without causing any further end user disruption.”
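To find machines where one of the listed updates is already installed alongside Sophos, an inventory check such as the following can be run from Windows PowerShell. This is an added example, not code from the original post, Sophos or Microsoft; the function name and status labels are hypothetical, and matching Sophos by a service display name beginning with "Sophos" is an assumption.

```powershell
# Added example: report which of the KBs listed in the article are installed,
# and whether a Sophos service is present on the same machine.
# Written to run on Windows PowerShell 2.0 and later (Windows 7 default).

# KB numbers exactly as listed in the article above.
$ConflictingKBs = @('KB4493446', 'KB4493448', 'KB4493450', 'KB4493451',
                    'KB4493458', 'KB4493467', 'KB4493471', 'KB4493472')

function Get-SophosConflictingUpdate {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix -Id errors on missing IDs, so list everything and filter.
            $hotfixes = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $ConflictingKBs -contains $_.HotFixID })

            # Assumption: Sophos services have a display name starting "Sophos".
            $sophos = @(Get-WmiObject -Class Win32_Service -ComputerName $computer `
                -Filter "DisplayName LIKE 'Sophos%'" -ErrorAction Stop)
        }
        catch {
            New-Object PSObject -Property @{
                ComputerName = $computer; Status = 'Unreachable'
                HotFixID = $null; RemovalCommand = $null
            } | Select-Object ComputerName, Status, HotFixID, RemovalCommand
            continue
        }

        if ($hotfixes.Count -eq 0) {
            New-Object PSObject -Property @{
                ComputerName = $computer; Status = 'NoListedUpdateInstalled'
                HotFixID = $null; RemovalCommand = $null
            } | Select-Object ComputerName, Status, HotFixID, RemovalCommand
            continue
        }

        # The reported crash needs both the update and Sophos on the machine.
        $status = 'UpdateInstalledNoSophos'
        if ($sophos.Count -gt 0) { $status = 'UpdateInstalledWithSophos' }

        foreach ($fix in $hotfixes) {
            $kbNumber = $fix.HotFixID -replace '^KB', ''
            New-Object PSObject -Property @{
                ComputerName   = $computer
                Status         = $status
                HotFixID       = $fix.HotFixID
                # Shown for the administrator to run; nothing is removed here.
                RemovalCommand = "wusa.exe /uninstall /kb:$kbNumber /quiet /norestart"
            } | Select-Object ComputerName, Status, HotFixID, RemovalCommand
        }
    }
}

# Check the local machine; pass -ComputerName for a list of remote hosts.
Get-SophosConflictingUpdate | Format-Table -AutoSize
```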


Thank You For Not Patching

Posted in: News, Patch Management

New studies show how patching continues to impact most organizations with real consequences.

Nearly 60% of organizations that suffered a data breach in the past two years cite as the culprit a known vulnerability that they had not yet patched.

Half of organizations in a new Ponemon Institute study conducted on behalf of ServiceNow say they were hit with one or more data breaches in the past two years, and 34% say they knew their systems were vulnerable prior to the attack. The study surveyed nearly 3,000 IT professionals worldwide on their patching practices.

Patching software security flaws by now should seem like a no-brainer for organizations, yet most organizations still struggle to keep up with and manage the process of applying software updates. “Detecting and prioritizing and getting vulnerabilities solved seems to be the most significant thing an organization can do [to prevent] getting breached,” says Piero DePaoli, senior director of marketing at ServiceNow, of the report.

“Once a vulnerability and patch are announced, the race is on,” he says. “How fast can a hacker weaponize it and take advantage of it” before organizations can get their patches applied, he says.

Get started with Syxsense to elevate your approach to IT patch management and protect your business from major vulnerabilities and threats.


Microsoft Patch Tuesday Updates Are Freezing Windows

Posted in: News, Patch Management, Patch Tuesday

If you installed the latest round of Microsoft patches and found that your computer experienced errors or started to freeze, you are not alone.

What’s occurring and which versions are affected?

Microsoft has confirmed that computers are freezing during the latest “Patch Tuesday” update process. However, the issue could be more prevalent than Microsoft is stating.

Microsoft has indicated that there is “an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.” Users of Avast for Business and CloudCare have reported freezing upon startup and Avira antivirus users are experiencing slow devices.

The security update in question includes fixes that were part of KB4489892. It was primarily meant to provide further mitigations against Spectre and Meltdown, but included other improvements as well.

It appears that a large number of Windows versions are affected by the update problems, including Windows 7, Windows 8.1, Windows Embedded 8, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2 and Windows 10.

How do you fix it?

If Sophos Endpoint Protection is installed, Microsoft has temporarily blocked devices from receiving these updates until a solution is available. However, there is no confirmation of the problems that Avast and Avira users are facing, only of those affecting Sophos.

If you have installed the Patch Tuesday updates and need to fix them, we highly recommend rolling back the updates in question.


How to Boost Your Team’s Efficiency by Automating IT Processes

Posted in: Patch Management

Given the demand for timely action in today's business landscape, automation can help organizations and their IT teams operate more efficiently.

IT teams are responsible for making sure that all technologies and devices used in the workplace work. And, thanks to the widespread adoption of technology by businesses, almost all tasks and processes now require their participation and involvement.

Organizations are shifting many of their workloads to the cloud. So, aside from tending to the on-premises infrastructure, IT teams also have to perform other tasks such as supporting and monitoring access and subscriptions to these cloud services. The explosion of affordable hardware, mobile devices, and the Internet-of-Things is also adding more endpoints to their custody. The prevalence of cyberattacks has also placed an added burden on them to secure the network and mitigate threats.

Then there are the seemingly minor daily concerns from their colleagues that could pile up, such as requests for password resets, printer toner replacement, or complaints about slow internet. Between 20 and 50 percent of help desk tickets are password reset requests.

IT management has become a monumental undertaking. Fortunately, IT teams are able to manage all these tasks through automation. IT automation is about using tools that monitor the network, watch out for certain conditions, and trigger actions that would readily address issues.

Firewalls and safe email policies can prevent many attacks, but hackers can just as easily gain access to your information through un-patched, out-of-date software. Each of your software tools should be updated regularly to mitigate potential risks. Automating patch deployment can ensure that no update slips through the cracks.

Take the case of software updates. Performed manually, IT staff of a medium-sized organization could be looking at working on hundreds or even thousands of devices. But through automation, these updates could now be configured to download and install as scheduled, minimizing the work for teams.

Most IT processes can be automated and companies should consider leveraging this capability to boost their IT team’s efficiency and effectiveness. Here are other areas of IT management where automation can be used.

Asset Discovery and Tracking

IT can be one of the more expensive investments companies can make. As such, it’s important for IT teams to be able to track all their employees’ digital assets including all hardware, software, and appliances. Knowing the specific assets available to them can help organizations better deploy resources.

IT management platforms can help quickly build such lists through capabilities such as automated network discovery and inventory. Devices connected to the network are automatically profiled including all hardware specifications and the list of installed software in each device.

Knowing what assets are assigned to staff could also encourage accountability from end users. Hardware loss and theft is quite common. One study revealed that 84 percent of businesses surveyed reported losing laptops. Having a historical record of inventories can also help companies track if certain devices become missing.

Software and Patch Deployment

Keeping software and hardware up-to-date is considered good practice. Application developers and hardware manufacturers periodically release updates and patches to their products which may contain new features and functionalities or address vulnerabilities.

Deploying software and patches typically requires identifying affected endpoints and installing the updates. Doing this manually can take quite a lot of time considering patch deployment is a time-critical task.

Fortunately, the process can likewise be automated: management platforms can be used to automatically check for updates from developers, identify target endpoints within the network, and deploy the patches.

Backups and Recovery

Data is the lifeblood of most organizations these days so working without data backups can be a disaster waiting to happen. Work can be set back months, even years, should company data become lost or corrupted.

Conventionally, backups are done through scheduled remote uploads and redundant storage. However, workplaces are changing. Businesses can generate and process large volumes of data within a day so even scheduled backups may not be enough to ensure data protection. Teams may also involve workers located offsite making on-premises storage inadequate to store data coming from external sources.

New solutions such as continuous data protection (CDP) can be used to automatically detect any changes to work files and folders and back these changes up to a secure location in real time. CDP solutions even keep revision histories of these files so users can revert back to a previous version in case there are issues with their current version. This way, all company data are safely stored. In addition, these solutions can be used with mechanisms that initiate failover and recovery in case of outage or downtime.

Security Monitoring and Response

Cybersecurity has become a top priority for IT teams given how rampant attacks have become. Attacks can happen any time, especially now that attackers are also using automation to launch breach attempts.

IT teams now need to actively monitor and respond to threats. Unfortunately, capable security talent is rare and expensive. More than half of organizations claim that there’s a worrying shortage of cybersecurity skills. To bridge this gap, organizations can rely on automation to help them deal with threats.

Automation has found its way to various security tasks. Anti-malware tools not only perform real-time scanning of devices but can also automatically quarantine files or even send samples for analysis. Security platforms like Syxsense can also detect and block malicious traffic from accessing networks. Automation can also be used to take machines offline in case they are affected by recently discovered vulnerabilities. This way, any potential damage can be avoided.

Conclusion

Given the demand for swift and timely action in today’s business landscape, automation can truly help organizations and their IT teams operate more efficiently. Automation doesn’t only help accomplish tasks faster; it can also minimize human error, where lapses, incompetence, or fatigue could lead to significant issues. Automation of a wide variety of IT tasks also frees up the team to refocus their efforts on more strategic and creative initiatives.


Critical Red Hat Flash-Plugin Security Update

Posted in: News, Patch Management

Red Hat has released an update for Flash that addresses critical-severity vulnerabilities.

Red Hat has released an update for Flash, which upgrades it to 32.0.0.171 and impacts Red Hat Enterprise Linux Desktop Supplementary and Red Hat Enterprise Linux Server Supplementary version 6.

Search your Syxsense console for flash-plugin-32.0.0.171-1.el6_10 to deploy these updates.

Security Fix(es):

  1. flash-plugin: Arbitrary Code Execution vulnerability CVE-2019-7096
  2. flash-plugin: Information Disclosure vulnerability CVE-2019-7108

Robert Brown, Director of Services for Verismic said, “Critical severities like this are used because the vulnerability can be easily exploited and lead to system compromise without user interaction.”


April Patch Tuesday: Stop Active Exploits

Posted in: News, Patch Management, Patch Tuesday

Microsoft's security release for April covers 74 vulnerabilities in a wide range of products, including two actively exploited zero-days.

Microsoft has released 74 patches today covering IE, Edge, Exchange, Windows and Office. Of these, 13 are rated Critical and 61 are rated Important. None in this release are rated Moderate or Low, but the total is up from last month’s release of 64 updates, so this release will keep you busy.

Prioritize Active Exploits

Two of the updates, CVE-2019-0803 and CVE-2019-0859, are “Being Exploited”, meaning you should prioritise them now. Robert Brown, Director of Services for Verismic, said, “You should treat these updates with the highest importance because a similar vulnerability this year in Win32k elevation caused some significant global intrusions via malware infections.”

Adobe Updates

Adobe has released 8 updates today for Reader, Flash, Shockwave, InDesign, Dreamweaver and a few others. The update for Flash is Critical, meaning IT Admins should install these updates within the next 30 days.

Some Feature Updates Are Now Retired

Act now to keep your environment future proofed as updates will automatically uninstall.

Today the Windows 10 feature update version 1709 (and previous) is retired on Home, Pro and Pro for Workstations editions. If you try to deploy any security updates / patches to Windows 10 which are no longer supported, those updates will uninstall the next time the PC restarts. Ask your account manager how Syxsense can help you deploy your Windows 10 Feature Updates.

We have made a few recommendations below which you should prioritize. Use Syxsense to organize and deploy Windows, third-party, Mac OS, and Linux updates to keep your environment safe.

Patch Tuesday Release

| Verismic Recommended | ID | Description | Severity | Publicly Disclosed | Actively Being Exploited |
|---|---|---|---|---|---|
| Yes | CVE-2019-0803 | Win32k Elevation of Privilege Vulnerability | Important | No | Yes |
| Yes | CVE-2019-0859 | Win32k Elevation of Privilege Vulnerability | Important | No | Yes |
| Yes | CVE-2019-0739 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0786 | SMB Server Elevation of Privilege Vulnerability | Critical | No | No |
| Yes | CVE-2019-0791 | MS XML Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0792 | MS XML Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0793 | MS XML Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0806 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0810 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0812 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0829 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0853 | GDI+ Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0860 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0861 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| | CVE-2019-0685 | Win32k Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0688 | Windows TCP/IP Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0730 | Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0731 | Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0732 | Windows Security Feature Bypass Vulnerability | Important | No | No |
| | CVE-2019-0735 | Windows CSRSS Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0752 | Scripting Engine Memory Corruption Vulnerability | Important | No | No |
| | CVE-2019-0753 | Scripting Engine Memory Corruption Vulnerability | Important | No | No |
| | CVE-2019-0764 | Microsoft Browsers Tampering Vulnerability | Important | No | No |
| | CVE-2019-0790 | MS XML Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0794 | VBScript Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0795 | MS XML Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0796 | Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0801 | Office Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0802 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0805 | Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0813 | Windows Admin Center Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0814 | Win32k Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0815 | ASP.NET Core Denial of Service Vulnerability | Important | No | No |
| | CVE-2019-0817 | Microsoft Exchange Spoofing Vulnerability | Important | No | No |
| | CVE-2019-0822 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0823 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0824 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0825 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0826 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0827 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0828 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0830 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No |
| | CVE-2019-0831 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No |
| | CVE-2019-0833 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0835 | Microsoft Scripting Engine Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0836 | Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0837 | DirectX Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0838 | Windows Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0839 | Windows Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0840 | Windows Kernel Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0841 | Windows Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0842 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0844 | Windows Kernel Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0846 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0847 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0848 | Win32k Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0849 | Windows GDI Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0851 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0856 | Windows Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0857 | Team Foundation Server Spoofing Vulnerability | Important | No | No |
| | CVE-2019-0858 | Microsoft Exchange Spoofing Vulnerability | Important | No | No |
| | CVE-2019-0862 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0866 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No |
| | CVE-2019-0867 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No |
| | CVE-2019-0868 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No |
| | CVE-2019-0869 | Team Foundation Server HTML Injection Vulnerability | Important | No | No |
| | CVE-2019-0870 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No |
| | CVE-2019-0871 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No |
| | CVE-2019-0874 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No |
| | CVE-2019-0875 | Azure DevOps Server Elevation of Privilege Vulnerability | Important | No | No |
| | CVE-2019-0876 | Open Enclave SDK Information Disclosure Vulnerability | Important | No | No |
| | CVE-2019-0877 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |
| | CVE-2019-0879 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No |


Critical Vulnerability with Mozilla Thunderbird Being Exploited

Posted in: Blog, Patch Management

According to a security report issued by Mozilla, the company has patched multiple vulnerabilities in Thunderbird.

A rare update for openSUSE has been released to resolve 13 vulnerabilities in Mozilla Thunderbird. These vulnerabilities can potentially be exploited in browser or browser-like contexts. Ratings of Critical are indicative of an active exploit or of exploitation being likely in the very near future.

The following versions of SUSE are impacted:

  • SUSE Linux Enterprise 12

Use Syxsense to see if you are vulnerable. Search within Patch Manager for the following updates; if any of these are detected, we recommend deploying them urgently:

  • MozillaThunderbird-60.6.1-82.1
  • MozillaThunderbird-buildsymbols-60.6.1-82.1
  • MozillaThunderbird-translations-common-60.6.1-82.1
  • MozillaThunderbird-translations-other-60.6.1-82.1


Massive Ransomware Attack Strikes Arizona Beverages

Posted in: Blog

A devastating ransomware attack took Arizona Beverages offline, resulting in millions of dollars in lost sales.

Arizona Beverages recently suffered a massive ransomware attack that compromised hundreds of computers and servers.

Known for its iced teas, the New York-based distributor became aware of the incident when more than 200 of the company’s networked computers began displaying the same message last month: “Your network was hacked and encrypted.”

Many of the company’s devices were running outdated Windows operating systems and hadn’t received patches in years. The IT staff had to effectively rebuild the entire network from the ground up, spending over six figures in hardware and recovery costs.

The ransomware attack is thought to be iEncrypt, a ransomware strain similar to BitPaymer. It was activated on March 21, several weeks after Arizona received an FBI warning about a Dridex malware infection. Responders believe Arizona’s systems had been compromised for several months.

Dridex is delivered through an email attachment. It gives attackers complete network access, allowing them to steal passwords, monitor traffic, and deliver more malware. Incident responders believe Arizona’s previous Dridex compromise resulted in the latest ransomware infection.

The outbreak also affected Arizona’s Exchange server, disabling email throughout the company. Without any computers to process customer orders for a week, the company was losing millions of dollars a day in sales.

Important Tip for Any Ransomware Attack

As soon as your organization completes an emergency response to a breach, contact your insurance company and a lawyer that specializes in IT security, and let them hire all the IT security investigators.

By letting your lawyers hire the IT security investigators, the results of the investigations become privileged information, legally limiting who can access details about what happened.

Using a tool like Syxsense Realtime Security can actively prevent breaches before they spread. Receive live, accurate data from thousands of devices in under 10 seconds, then instantly detect running .exes, malware or viruses and kill those processes before they spread.
