Monthly Archives

August 2019


Microsoft Warns that End-of-Life is Near for 1703

By News


Microsoft is reminding enterprise admins that Windows 10, version 1703 of Enterprise and Education editions, is reaching end-of-life on October 9, 2019.

Say Farewell to Patches for 1703 in October


This means the version will be fully unsupported and will no longer receive monthly security or quality updates. The consumer editions (Home, Pro, Pro for Workstations, and IoT Core) already reached end-of-life on October 8, 2018, and have not received updates since.

Microsoft’s warning is, of course, no surprise. Version 1703, the “Creators Update”, was released in early 2017 and originally came with 18 months of support; last September, however, Microsoft extended the servicing period to 30 months for the 1703 Enterprise and Education editions.

“There is no extended support available for any edition of Windows 10, version 1703. Therefore, it will no longer be supported after October 9, 2019 and will not receive monthly security and quality updates containing protections from the latest security threats,” Microsoft warned.

While Windows 10, version 1703 now has a fixed deadline, Microsoft has also been shaping its offer of paid Windows 7 patches for enterprise customers still running the older operating system after Windows 7 support ends on January 14, 2020.

Enterprise Agreement (EA) and Enterprise Subscription Agreement (EAS) customers with active subscriptions to Windows 10 E5, Microsoft 365 E5, and Microsoft 365 E5 Security can opt-in for ‘Windows 7 Extended Security Updates’ for a year at no additional charge. The promotion will run from June 1, 2019, to December 31, 2019.

What should you do next?

Even though Microsoft will sell businesses continued security updates for the aging operating system, the free Windows 7 updates definitely cease after January 14, 2020.

For those still on Windows 10, version 1703 who need to migrate: move to a newer, supported feature update such as 1809, 1903, or even 19H2 (due in September or October of this year). Before you do, double-check each endpoint’s hardware against the requirements of the target release, since not every device that runs 1703 can support the latest versions of Windows 10. Microsoft publishes the prerequisites for each release.
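A practical first step is an inventory of which endpoints are actually on 1703 and how much servicing time they have left. The following PowerShell is an added example, not code from the original post or from Syxsense: it reads the release, edition and build from the registry and flags 1703 installs against the end-of-servicing dates quoted above (Enterprise/Education: October 9, 2019; all other editions: October 8, 2018). Remote hosts are reached with Invoke-Command, which assumes WinRM is already enabled on them (an assumption, not something the article states).

```powershell
# Added example (not from the original post). Flags Windows 10 version 1703
# endpoints and computes whether their servicing window has closed, using the
# dates quoted in the article. Remote hosts are queried over WinRM (assumed enabled).
function Get-Win10ServicingStatus {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [datetime]$AsOf = (Get-Date)
    )

    # End-of-servicing dates for version 1703, as stated in the article.
    $eol1703 = @{
        EnterpriseEducation = [datetime]'2019-10-09'
        Other               = [datetime]'2018-10-08'
    }

    # Runs on each target: pull edition, release and build from the registry.
    # ReleaseId is absent on pre-Windows 10 systems, so it comes back empty there.
    $probe = {
        $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        [pscustomobject]@{
            ProductName = $p.ProductName
            EditionID   = $p.EditionID
            ReleaseId   = $p.ReleaseId
            Build       = '{0}.{1}' -f $p.CurrentBuild, $p.UBR
        }
    }

    foreach ($target in $ComputerName) {
        try {
            $info = if ($target -eq $env:COMPUTERNAME) { & $probe }
                    else { Invoke-Command -ComputerName $target -ScriptBlock $probe -ErrorAction Stop }
        } catch {
            Write-Warning "$target : $($_.Exception.Message)"
            continue
        }

        $eol    = $null
        $status = 'Not 1703; check the release against the current Windows 10 servicing table'
        if ($info.ReleaseId -eq '1703') {
            # Enterprise, EnterpriseN, Education, EducationN all got the 30-month extension.
            $eol = if ($info.EditionID -match '^(Enterprise|Education)') { $eol1703.EnterpriseEducation }
                   else { $eol1703.Other }
            $daysLeft = ($eol - $AsOf).Days
            $status = if ($daysLeft -lt 0)      { 'UNSUPPORTED: no further security updates' }
                      elseif ($daysLeft -le 60) { "Migrate now: $daysLeft days of servicing left" }
                      else                      { "Supported for $daysLeft more days" }
        }

        [pscustomobject]@{
            ComputerName   = $target
            ProductName    = $info.ProductName
            EditionID      = $info.EditionID
            ReleaseId      = $info.ReleaseId
            Build          = $info.Build
            EndOfServicing = $eol
            Status         = $status
        }
    }
}

# Usage: the local host first, then a fleet from a host list, exporting only 1703 hits.
Get-Win10ServicingStatus | Format-Table -AutoSize
# Get-Win10ServicingStatus -ComputerName (Get-Content .\endpoints.txt) |
#     Where-Object ReleaseId -eq '1703' | Export-Csv .\win10-1703.csv -NoTypeInformation
```

The `-AsOf` parameter lets you run the same report against a future date (for example the October 9 cutoff) to see which machines will be out of support by then, rather than only which ones are out today.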

Whether you are a consumer on an outdated version of Windows 10 or Windows 7, or an enterprise admin nearing, or already past, end-of-life on a Windows 10 version, the risk is the same: an unsupported version of Windows accumulates unpatched vulnerabilities that malware, including ransomware, can exploit.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.


Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

August Third-Party Patches and Security Updates

By News, Patch Management


Explore the latest third-party and security updates and find out which patches should be prioritized this month to protect your environment.

Which third-party patches should you prioritize?

VideoLAN has released an update this week to resolve two high-risk vulnerabilities in the VLC media player. Both are triggered by a specially crafted .MKV file, which an attacker could use to take control of the victim’s device. A total of 15 defects were made public on Monday by VideoLAN, and the fixed version, 3.0.8, was released on August 19.

Additionally, Google Chrome received an update earlier this month (76.0.3809.100) resolving a high-severity use-after-free vulnerability in the PDFium viewer (CVE-2019-5868), as well as a medium-severity vulnerability (CVE-2019-5867).

Firefox also had a moderate vulnerability addressed regarding stored passwords and master password entry (CVE-2019-11733). “When a master password is set, it is required to be entered again before stored passwords can be accessed in the ‘Saved Logins’ dialog,” stated Mozilla regarding version 68.0.2. “It was found that locally stored passwords can be copied to the clipboard through the ‘copy password’ context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords.”

Why focus on patching third-party applications?

Delays in patching third-party applications with dangerous vulnerabilities leave your endpoints wide open to attack: browsers, media players and document readers are exactly the software that opens untrusted files from the internet.

Syxsense provides true network security and lets you manage every threat with the click of a button. Keep up with the constant stream of security threats and patches for third-party software applications, such as Adobe, Java, Chrome and more.

Third-Party Updates

Title                                               | Description                                                               | CVSS | CVSS Severity | Vendor                | Date Published
----------------------------------------------------|---------------------------------------------------------------------------|------|---------------|-----------------------|---------------
Acrobat_ReaderDC_v15.006.30499(Classic Track 2015)  |                                                                           | NA   | NA            | Adobe                 | 8/13/19
Acrobat_ReaderDC_v17.011.30144(Classic Track 2017)  |                                                                           | NA   | NA            | Adobe                 | 8/13/19
Acrobat_ReaderDC_v19.012.20036(Continuous Track)    |                                                                           | NA   | NA            | Adobe                 | 8/13/19
AcrobatDC_v15.006.30499(Classic Track 2015)         |                                                                           | NA   | NA            | Adobe                 | 8/13/19
AcrobatDC_v17.011.30144(Classic Track 2017)         |                                                                           | NA   | NA            | Adobe                 | 8/13/19
AcrobatDC_v19.012.20036(Continuous Track)           |                                                                           | NA   | NA            | Adobe                 | 8/13/19
Chrome_v76.0.3809.100                               | The Stable channel has been updated to 76.0.3809.100                      | 8.8  | High          | Google                | 8/6/19
FileZilla_v3.44.1                                   |                                                                           | NA   | NA            | FileZilla             | 8/9/19
Firefox_v68.0.2                                     | Version 68.0.2, first offered to Release channel users on August 14, 2019 | NA   | NA            | Mozilla               | 8/14/19
FirefoxESR_v68.0.2                                  |                                                                           | NA   | NA            | Mozilla               | 8/14/19
FlashPlayer_ActiveX_v32.0.0.238                     |                                                                           | NA   | NA            | Adobe                 | 8/13/19
FlashPlayer_Plugin_NPAPI_v32.0.0.238                |                                                                           | NA   | NA            | Adobe                 | 8/13/19
FlashPlayer_Plugin_PPAPI_v32.0.0.238                |                                                                           | NA   | NA            | Adobe                 | 8/13/19
Opera_v62.0.3331.116                                | Opera 62.0.3331.116 Stable update                                         | NA   | NA            | Opera                 | 8/7/19
Skype_v8.51.0.72                                    |                                                                           | NA   | NA            | Microsoft Corporation | 8/12/19
VLC Media Player_v3.0.8                             |                                                                           | NA   | NA            | VideoLAN              | 8/19/19


Massive Ransomware Attack Strikes 23 Texas Towns

By Blog


The state of Texas has been hit with a rare coordinated ransomware attack that disrupted systems of 23 different local governments.

Use Patch Management to Prevent Ransomware Attacks

Twenty-three cities in Texas were hit with a coordinated ransomware attack this weekend. A research firm that studies ransomware says attacks aimed at state and local government are on the rise, with at least 169 government computer systems hacked since 2013 and more than 60 already this year.

One of the most common ways into government networks is through remote desktop systems, which are frequently exposed to the internet and frequently unpatched. Last week’s Patch Tuesday included fixes for Remote Desktop Services vulnerabilities rated CVSS 9.8. Windows RDS has been behind a plethora of network intrusions and data thefts, and exposed RDP is one of the favorite entry points for spreading ransomware.

The biggest lesson to come out of these attacks is that applying security updates as soon as possible can go a long way toward avoiding victimization when vulnerabilities are exploited by ransomware.

The Best Offense is a Solid Defense

The Top 5 Patching Mistakes whitepaper breaks down the assumptions many IT professionals make about managing their environment. When the next ransomware attack occurs, these mistakes can significantly contribute to its spread; avoid them and you will be far better placed when the next doomsday strikes.


20-Year-Old Unpatched Flaw and Critical Vulnerabilities Revealed

By Blog, Patch Management


Microsoft is warning all Windows users to update their operating systems immediately because of multiple wormable vulnerabilities, as well as a 20-year-old bug in the older operating systems.

Unlike BlueKeep, which affected only older Windows versions (Windows 7, Server 2008 R2 and earlier), the bugs disclosed in Microsoft’s August 2019 Patch Tuesday release also affect newer versions: specifically Windows 7, 8, 8.1, and 10, as well as Server 2008, 2012, 2016, and even 2019. As of last month, BlueKeep may still be unpatched on just under 1 million legacy devices. The bugs disclosed in August can affect nearly 1 billion devices worldwide, since Windows 10 alone runs on more than 700 million devices.

The bugs (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226) are pre-authentication and require no user interaction: an unauthenticated attacker can execute arbitrary code on a system running Remote Desktop Services by sending it a specially crafted request. With Network Level Authentication (NLA) enabled, an attacker would first need valid credentials to reach the vulnerable code, but NLA is commonly switched off in enterprise networks. That is what makes these bugs wormable, and it paves the way for follow-on malware such as ransomware.
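Because NLA is the one control that stands between an exposed RDP listener and an unauthenticated exploit, it is worth auditing directly rather than assuming Group Policy applied. The PowerShell below is an added example, not code from the original post or from Syxsense: it reports whether the host has Remote Desktop enabled, whether anything is listening on the RDP port, whether NLA is required on the RDP-Tcp listener, and whether any update has been installed since the August 13, 2019 Patch Tuesday, with a switch to turn NLA on where it is off. The hotfix-date check is a heuristic and an assumption on my part: it shows that something was installed after the fix shipped, not that the specific RDS update for your build is present, so confirm the KB for each build against Microsoft’s advisory.

```powershell
# Added example (not from the original post). Audits RDP exposure and NLA on the
# local host and optionally enforces NLA. The "updated since Patch Tuesday" check is
# a heuristic (assumption): it does not prove the specific RDS KB is installed.
function Test-RdpExposure {
    [CmdletBinding()]
    param(
        # Turn NLA on where it is off (same setting as the "Require NLA" checkbox).
        [switch]$EnforceNla,
        [datetime]$PatchTuesday = [datetime]'2019-08-13'
    )

    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 0 means Remote Desktop is enabled.
    $rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

    # NLA flag, security layer and port live under the RDP-Tcp listener.
    $listener = Get-ItemProperty -Path $rdpKey
    $nlaOn    = $listener.UserAuthentication -eq 1
    $secLayer = $listener.SecurityLayer   # 0 = RDP security, 1 = negotiate, 2 = TLS required
    $port     = [int]$listener.PortNumber

    # Is anything actually listening? Get-NetTCPConnection is absent on Windows 7 /
    # Server 2008 R2, so fall back to netstat there.
    $listening = if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)
    } else {
        [bool](netstat -an | Select-String -Pattern (':{0}\s+\S+\s+LISTENING' -f $port))
    }

    # Newest update installed on or after Patch Tuesday (heuristic, see lead-in).
    $recentFix = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchTuesday } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    if ($EnforceNla -and $rdpEnabled -and -not $nlaOn) {
        $ts = Get-CimInstance -Namespace root\cimv2\TerminalServices `
                              -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
        $null = Invoke-CimMethod -InputObject $ts -MethodName SetUserAuthenticationRequired `
                                 -Arguments @{ UserAuthenticationRequired = [uint32]1 }
        $nlaOn = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1
    }

    $risk = if (-not $rdpEnabled)    { 'Low: Remote Desktop disabled' }
            elseif (-not $listening) { "Low: RDP enabled but nothing listening on port $port" }
            elseif (-not $nlaOn)     { 'HIGH: RDP reachable without NLA, unauthenticated RCE surface' }
            elseif (-not $recentFix) { 'HIGH: NLA on, but no update installed since Patch Tuesday' }
            else                     { 'Medium: NLA on and updated; still limit RDP to VPN or jump hosts' }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = $rdpEnabled
        Listening     = $listening
        Port          = $port
        NlaRequired   = $nlaOn
        SecurityLayer = $secLayer
        LatestHotFix  = if ($recentFix) { '{0} ({1:yyyy-MM-dd})' -f $recentFix.HotFixID, $recentFix.InstalledOn }
                        else            { 'none since {0:yyyy-MM-dd}' -f $PatchTuesday }
        Risk          = $risk
    }
}

# Usage: audit first, then enforce NLA on hosts that need it.
Test-RdpExposure
# Test-RdpExposure -EnforceNla
```

Run it through your management tool or Invoke-Command across the estate and sort on the Risk column; anything reporting RDP reachable without NLA is the population to patch and fix first, regardless of what the policy was supposed to be.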

Additionally, a 20-year-old vulnerability (CVE-2019-1162) dating back to legacy versions of Windows was disclosed; it, too, has a patch available. Microsoft describes it as “a privilege escalation vulnerability when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system.”

Back in June, the National Security Agency issued an urgent advisory about BlueKeep (CVE-2019-0708) to Windows administrators and users, urging them to ensure they were fully patched. Its reasoning applies just as well to this month’s RDS bugs: “This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability.

For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.” It is safe to assume the NSA will release further advisories of this kind.

“These vulnerabilities include all of the latest versions of Windows, as well as the maturing versions,” stated Jon Cassell, Senior Solutions Architect for Verismic Software, Inc. “Consumers and organizations alike will need to prioritize the latest patches from Microsoft to ensure that these ‘wormable’ defects are remediated as soon as possible.”


August Patch Tuesday: Is RDP Worth the Risk?

By News, Patch Management, Patch Tuesday


Microsoft has released almost 100 updates today making this one of the largest Patch Tuesday updates of the year.

August Patch Tuesday Has Arrived

Microsoft has released almost 100 updates today, 93 in total with 29 rated Critical and 64 Important. This is one of the largest releases this year and brings a few key updates to be aware of.

Remote Desktop Services

CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 & CVE-2019-1226

There is no doubt that Windows RDS (the service behind Remote Desktop) has been at the center of a plethora of network intrusions and data thefts this year. It is also one of the favorite weaknesses used to spread ransomware.

Although these are not technically zero-day vulnerabilities, these CVSS 9.8 bugs should be your highest priority in this release. Robert Brown, Director of Services, said, “This year alone, this is one technology which keeps getting exposed, and is a favorite amongst the hackers. Although there are no known exploits (right now), this vulnerability is recognized by Microsoft as exploitation more likely, hence if you are using RDP this needs to be patched right away. Now is the time to decide whether RDP is worth the risk, or if there is another technology which offers better security?”

Microsoft Graphics Remote Code Execution Vulnerability

CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151 & CVE-2019-1152

These vulnerabilities carry a CVSS score of 8.8 and impact almost every Windows operating system. Similar font-handling bugs have shipped as zero-days in previous releases. The Windows font library improperly handles specially crafted embedded fonts; an attacker who successfully exploits one of these could take control of the whole system, including installing applications and creating new accounts with full user rights.

Adobe Updates

Adobe has released three updates for Acrobat and Reader (one per track) which resolve a grand total of 119 vulnerabilities. APSB19-41 has been given Priority 2, which means Adobe recommends deploying it within 30 days because the affected products carry an elevated risk.

None of This Month’s Vulnerabilities Are Public or Exploited

As of the release, none of the Microsoft vulnerabilities are publicly disclosed or known to be exploited in the wild.

Patch Tuesday Release

We have made a few recommendations below which you should prioritize this month:

Verismic Recommended | CVE ID        | Description                                                         | Severity  | Publicly Disclosed | Actively Being Exploited
---------------------|---------------|---------------------------------------------------------------------|-----------|--------------------|-------------------------
Yes                  | CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerability         | Critical  | No                 | No
Yes                  | CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability         | Critical  | No                 | No
Yes                  | CVE-2019-1222 | Remote Desktop Services Remote Code Execution Vulnerability         | Critical  | No                 | No
Yes                  | CVE-2019-1226 | Remote Desktop Services Remote Code Execution Vulnerability         | Critical  | No                 | No
Yes                  | CVE-2019-1139 | Chakra Scripting Engine Memory Corruption Vulnerability             | Critical  | No                 | No
Yes                  | CVE-2019-1131 | Chakra Scripting Engine Memory Corruption Vulnerability             | Critical  | No                 | No
Yes                  | CVE-2019-1140 | Chakra Scripting Engine Memory Corruption Vulnerability             | Critical  | No                 | No
Yes                  | CVE-2019-1141 | Chakra Scripting Engine Memory Corruption Vulnerability             | Critical  | No                 | No
Yes                  | CVE-2019-1195 | Chakra Scripting Engine Memory Corruption Vulnerability             | Critical  | No                 | No
Yes                  | CVE-2019-1196 | Chakra Scripting Engine Memory Corruption Vulnerability             | Critical  | No                 | No
Yes                  | CVE-2019-1197 | Chakra Scripting Engine Memory Corruption Vulnerability             | Critical  | No                 | No
Yes                  | CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability                         | Critical  | No                 | No
Yes                  | CVE-2019-1188 | LNK Remote Code Execution Vulnerability                             | Critical  | No                 | No
Yes                  | CVE-2019-1144 | Microsoft Graphics Remote Code Execution Vulnerability              | Critical  | No                 | No
Yes                  | CVE-2019-1145 | Microsoft Graphics Remote Code Execution Vulnerability              | Critical  | No                 | No
Yes                  | CVE-2019-1149 | Microsoft Graphics Remote Code Execution Vulnerability              | Critical  | No                 | No
Yes                  | CVE-2019-1150 | Microsoft Graphics Remote Code Execution Vulnerability              | Critical  | No                 | No
Yes                  | CVE-2019-1151 | Microsoft Graphics Remote Code Execution Vulnerability              | Critical  | No                 | No
Yes                  | CVE-2019-1152 | Microsoft Graphics Remote Code Execution Vulnerability              | Critical  | No                 | No
Yes                  | CVE-2019-1199 | Microsoft Outlook Memory Corruption Vulnerability                   | Critical  | No                 | No
Yes                  | CVE-2019-1200 | Microsoft Outlook Remote Code Execution Vulnerability               | Critical  | No                 | No
Yes                  | CVE-2019-1201 | Microsoft Word Remote Code Execution Vulnerability                  | Critical  | No                 | No
Yes                  | CVE-2019-1205 | Microsoft Word Remote Code Execution Vulnerability                  | Critical  | No                 | No
Yes                  | CVE-2019-1133 | Scripting Engine Memory Corruption Vulnerability                    | Critical  | No                 | No
Yes                  | CVE-2019-1194 | Scripting Engine Memory Corruption Vulnerability                    | Critical  | No                 | No
Yes                  | CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability             | Critical  | No                 | No
Yes                  | CVE-2019-1213 | Windows DHCP Server Remote Code Execution Vulnerability             | Critical  | No                 | No
Yes                  | CVE-2019-0965 | Windows Hyper-V Remote Code Execution Vulnerability                 | Critical  | No                 | No
Yes                  | CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability         | Critical  | No                 | No
                     | CVE-2019-9511 | HTTP/2 Server Denial of Service Vulnerability                       | Important | No                 | No
                     | CVE-2019-9512 | HTTP/2 Server Denial of Service Vulnerability                       | Important | No                 | No
                     | CVE-2019-9513 | HTTP/2 Server Denial of Service Vulnerability                       | Important | No                 | No
                     | CVE-2019-9514 | HTTP/2 Server Denial of Service Vulnerability                       | Important | No                 | No
                     | CVE-2019-9518 | HTTP/2 Server Denial of Service Vulnerability                       | Important | No                 | No
                     | CVE-2019-0716 | Windows Denial of Service Vulnerability                             | Important | No                 | No
                     | CVE-2019-1206 | Windows DHCP Server Denial of Service Vulnerability                 | Important | No                 | No
                     | CVE-2019-1212 | Windows DHCP Server Denial of Service Vulnerability                 | Important | No                 | No
                     | CVE-2019-0714 | Windows Hyper-V Denial of Service Vulnerability                     | Important | No                 | No
                     | CVE-2019-0715 | Windows Hyper-V Denial of Service Vulnerability                     | Important | No                 | No
                     | CVE-2019-0717 | Windows Hyper-V Denial of Service Vulnerability                     | Important | No                 | No
                     | CVE-2019-0718 | Windows Hyper-V Denial of Service Vulnerability                     | Important | No                 | No
                     | CVE-2019-0723 | Windows Hyper-V Denial of Service Vulnerability                     | Important | No                 | No
                     | CVE-2019-1223 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important | No               | No
                     | CVE-2019-1187 | XmlLite Runtime Denial of Service Vulnerability                     | Important | No                 | No
                     | CVE-2019-1176 | DirectX Elevation of Privilege Vulnerability                        | Important | No                 | No
                     | CVE-2019-1229 | Dynamics On-Premise Elevation of Privilege Vulnerability            | Important | No                 | No
                     | CVE-2019-1211 | Git for Visual Studio Elevation of Privilege Vulnerability          | Important | No                 | No
                     | CVE-2019-1161 | Microsoft Defender Elevation of Privilege Vulnerability             | Important | No                 | No
                     | CVE-2019-1204 | Microsoft Outlook Elevation of Privilege Vulnerability              | Important | No                 | No
                     | CVE-2019-1198 | Microsoft Windows Elevation of Privilege Vulnerability              | Important | No                 | No
                     | CVE-2019-1168 | Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability     | Important | No                 | No
                     | CVE-2019-1169 | Win32k Elevation of Privilege Vulnerability                         | Important | No                 | No
                     | CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability                   | Important | No                 | No
                     | CVE-2019-1173 | Windows Elevation of Privilege Vulnerability                        | Important | No                 | No
                     | CVE-2019-1174 | Windows Elevation of Privilege Vulnerability                        | Important | No                 | No
                     | CVE-2019-1175 | Windows Elevation of Privilege Vulnerability                        | Important | No                 | No
                     | CVE-2019-1177 | Windows Elevation of Privilege Vulnerability                        | Important | No                 | No
                     | CVE-2019-1178 | Windows Elevation of Privilege Vulnerability                        | Important | No                 | No
                     | CVE-2019-1179 | Windows Elevation of Privilege Vulnerability                        | Important | No                 | No
                     | CVE-2019-1180 | Windows Elevation of Privilege Vulnerability                        | Important | No                 | No
                     | CVE-2019-1184 | Windows Elevation of Privilege Vulnerability                        | Important | No                 | No
                     | CVE-2019-1186 | Windows Elevation of Privilege Vulnerability                        | Important | No                 | No
                     | CVE-2019-1190 | Windows Image Elevation of Privilege Vulnerability                  | Important | No                 | No
                     | CVE-2019-1159 | Windows Kernel Elevation of Privilege Vulnerability                 | Important | No                 | No
                     | CVE-2019-1164 | Windows Kernel Elevation of Privilege Vulnerability                 | Important | No                 | No
                     | CVE-2019-1170 | Windows NTFS Elevation of Privilege Vulnerability                   | Important | No                 | No
                     | CVE-2019-1185 | Windows Subsystem for Linux Elevation of Privilege Vulnerability    | Important | No                 | No
                     | CVE-2019-1030 | Microsoft Edge Information Disclosure Vulnerability                 | Important | No                 | No
                     | CVE-2019-1078 | Microsoft Graphics Component Information Disclosure Vulnerability   | Important | No                 | No
                     | CVE-2019-1148 | Microsoft Graphics Component Information Disclosure Vulnerability   | Important | No                 | No
                     | CVE-2019-1153 | Microsoft Graphics Component Information Disclosure Vulnerability   | Important | No                 | No
                     | CVE-2019-1202 | Microsoft SharePoint Information Disclosure Vulnerability           | Important | No                 | No
                     | CVE-2019-1224 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important | No                 | No
                     | CVE-2019-1225 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important | No                 | No
                     | CVE-2019-1171 | SymCrypt Information Disclosure Vulnerability                       | Important | No                 | No
                     | CVE-2019-1143 | Windows Graphics Component Information Disclosure Vulnerability     | Important | No                 | No
                     | CVE-2019-1154 | Windows Graphics Component Information Disclosure Vulnerability     | Important | No                 | No
                     | CVE-2019-1158 | Windows Graphics Component Information Disclosure Vulnerability     | Important | No                 | No
                     | CVE-2019-1172 | Windows Information Disclosure Vulnerability                        | Important | No                 | No
                     | CVE-2019-1227 | Windows Kernel Information Disclosure Vulnerability                 | Important | No                 | No
                     | CVE-2019-1228 | Windows Kernel Information Disclosure Vulnerability                 | Important | No                 | No
                     | CVE-2019-1146 | Jet Database Engine Remote Code Execution Vulnerability             | Important | No                 | No
                     | CVE-2019-1147 | Jet Database Engine Remote Code Execution Vulnerability             | Important | No                 | No
                     | CVE-2019-1155 | Jet Database Engine Remote Code Execution Vulnerability             | Important | No                 | No
                     | CVE-2019-1156 | Jet Database Engine Remote Code Execution Vulnerability             | Important | No                 | No
                     | CVE-2019-1157 | Jet Database Engine Remote Code Execution Vulnerability             | Important | No                 | No
                     | CVE-2019-1193 | Microsoft Browser Memory Corruption Vulnerability                   | Important | No                 | No
                     | CVE-2019-1057 | MS XML Remote Code Execution Vulnerability                          | Important | No                 | No
                     | CVE-2019-1192 | Microsoft Browsers Security Feature Bypass Vulnerability            | Important | No                 | No
                     | CVE-2019-1163 | Windows File Signature Security Feature Bypass Vulnerability        | Important | No                 | No
                     | CVE-2019-1218 | Outlook iOS Spoofing Vulnerability                                  | Important | No                 | No
                     | CVE-2019-9506 | Encryption Key Negotiation of Bluetooth Vulnerability               | Important | No                 | No
                     | CVE-2019-1203 | Microsoft Office SharePoint XSS Vulnerability                       | Important | No                 | No


Why Enterprise Ransomware Attacks Are Increasing

By Blog, Patch Management


According to researchers, ransomware is rapidly shifting toward corporate targets.

According to various sources, ransomware is seeing a triple-digit spike in corporate detections. A pair of reports, one from Malwarebytes released at Black Hat 2019 and one from Accenture, mark the enormous shift away from targeting typical consumers.

With attackers chasing the largest payouts, ransomware attacks are migrating from consumer targets to organizations, businesses, and municipalities. Consumer detections have finally fallen below organizational detections, according to Malwarebytes’ Black Hat 2019 quarterly threat report. The report found that overall ransomware detections against enterprise environments in the second quarter rose by 363 percent year-over-year, while consumer detections declined by 12 percent year-over-year.

The report also found that ransomware is certainly expected to evolve with hybrid attacks with worm-like functionality and other malware families.

“This year we have noticed ransomware making more headlines than ever before as a resurgence in ransomware turned its sights to large, ill-prepared public and private organizations with easy-to-exploit vulnerabilities such as cities, non-profits and educational institutions,” said Adam Kujawa, director of Malwarebytes Labs, in the report published on Thursday at Black Hat 2019. “Our critical infrastructure needs to adapt and arm themselves against these threats as they continue to be targets of cybercriminals, causing great distress to all the people who depend on public services and trust these entities to protect their personal information.”

Earlier in the month, Accenture’s iDefense division reported that MegaCortex, ransomware already seen in earlier campaigns, has been re-architected as version 2 with enterprise networks as its focus.

“The authors of MegaCortex v2 have redesigned the ransomware to self-execute and removed the password requirement for installation; the password is now hard-coded in the binary,” states Leo Fernandes, Senior Manager of Malware Analysis and Countermeasures at Accenture. “Additionally, the authors also incorporated some anti-analysis features within the main malware module, and the functionality to stop and kill a wide range of security products and services; this task was previously manually executed as batch script files on each host.”

Enterprise-focused ransomware also no longer stops at local files; it goes after network shares, which multiplies the impact. “The evolution of ransomware from high volume, low return, spray and pray consumer attacks to lower volume, high value, targeted attacks against business is well documented,” stated Security Week. “The intent now is not to simply encrypt local files, but to find and encrypt network shares in order to inflict the greatest harm in the shortest time.”


MegaCortex Ransomware Targeting Victims Worldwide

By Blog, Patch Management


A new variant of ransomware called MegaCortex is targeting enterprise networks and organizations across the United States and Europe.

A new variant of ransomware has been discovered, called MegaCortex, that is targeting enterprise networks and organizations. Once the environment is penetrated, the attackers infect it by distributing the ransomware using Windows domain controllers.

Researchers at Accenture iDefense describe the operators behind the ransomware as focusing strictly on corporate targets to ensure large cash payouts. Because the variant is new, little is known about its encryption (beyond reports that an RSA public key is hard-coded into the malware), how networks are initially infiltrated, or whether payments are actually honored.

“With a hard-coded password and the addition of an anti-analysis component, third parties or affiliated actors could, in theory, distribute the ransomware without the need for an actor-supplied password for the installation,” the researchers say. “Indeed, potentially there could be an increase in the number of MegaCortex incidents if the actors decide to start delivering it through email campaigns or dropped as secondary stage by other malware families.”

How MegaCortex Strikes

The ransomware drops a ransom note named “!!!_READ_ME_!!!.txt” that contains the ransom demand and the email addresses used to contact the attackers.

Ransomware aimed at enterprise and corporate networks continues to rise, not just because of the hope for a larger payout but because centralized authentication works in the attacker’s favor: once a domain controller or domain admin account is compromised, the same infrastructure that pushes software to every domain-joined device can push the ransomware just as quickly.
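When a note like the one above is found on one machine, the first question is how far it has already spread and when it started. The PowerShell below is an added example, not code from the original post or from Syxsense: it sweeps the fixed drives of the local host, or the C$ administrative share of each host in a list, for the ransom note name quoted above, returns one row per note found, and then summarises the earliest and latest note per host, which is a usable first marker for the incident timeline. Reaching \\host\C$ assumes you hold local admin rights on the targets, and `-Depth` on Get-ChildItem assumes PowerShell 5.0 or later; both are assumptions, not facts from the article.

```powershell
# Added example (not from the original post). Hunts for the MegaCortex ransom note
# named in the article across local fixed disks or remote C$ shares (admin rights
# assumed) and builds a per-host timeline from the note timestamps.
function Find-RansomNote {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName,
        [string]$NoteName = '!!!_READ_ME_!!!.txt',
        [int]$Depth = 8   # -Depth needs PowerShell 5.0+ (assumption)
    )

    $roots = if ($ComputerName) {
        foreach ($c in $ComputerName) { [pscustomobject]@{ Host = $c; Root = "\\$c\C$" } }
    } else {
        # DriveType 3 = local fixed disk; skips optical and removable media.
        Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
            ForEach-Object { [pscustomobject]@{ Host = $env:COMPUTERNAME; Root = $_.DeviceID + '\' } }
    }

    foreach ($r in $roots) {
        if (-not (Test-Path -LiteralPath $r.Root)) {
            Write-Warning "$($r.Host): cannot reach $($r.Root)"
            continue
        }
        # -Force includes hidden/system directories; access errors are skipped, not fatal.
        Get-ChildItem -LiteralPath $r.Root -Filter $NoteName -Recurse -Depth $Depth -File -Force `
                      -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Host         = $r.Host
                    Path         = $_.FullName
                    Bytes        = $_.Length
                    LastWriteUtc = $_.LastWriteTimeUtc
                }
            }
    }
}

# Collapse the per-note rows into one line per host: note count, first and last write.
function Get-RansomNoteTimeline {
    param([Parameter(ValueFromPipeline)][object[]]$Note)
    begin   { $all = @() }
    process { $all += $Note }
    end {
        $all | Group-Object Host | ForEach-Object {
            $sorted = $_.Group | Sort-Object LastWriteUtc
            [pscustomobject]@{
                Host      = $_.Name
                Notes     = $_.Count
                FirstNote = ($sorted | Select-Object -First 1).LastWriteUtc
                LastNote  = ($sorted | Select-Object -Last 1).LastWriteUtc
            }
        } | Sort-Object FirstNote
    }
}

# Usage: local sweep, then a fleet sweep from a host list with the raw hits preserved.
Find-RansomNote | Get-RansomNoteTimeline
# $notes = Find-RansomNote -ComputerName (Get-Content .\hosts.txt)
# $notes | Export-Csv .\ransom-notes.csv -NoTypeInformation
# $notes | Get-RansomNoteTimeline
```

The host with the earliest FirstNote is where to start looking for the initial foothold, and a run of hosts whose FirstNote values sit within minutes of each other is the signature of the domain-wide push the post describes.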

Using a tool like Syxsense can actively prevent breaches before they spread. Receive live, accurate, data from thousands of devices in under 10 seconds then instantly detect running .exes, malware or viruses and kill those processes before they spread.


Google Chrome’s 76 Update Includes Vulnerabilities

By News, Patch Management


Google Chrome's 76 update has shown several vulnerabilities and changes that should be immediately addressed.

This week, Google has released version 76 of Chrome and although there aren’t any major features, there are still some changes and vulnerabilities to highlight.

First, Adobe Flash is no longer enabled by default. Google, like other software vendors, has been working to end support for the vulnerability-ridden plugin for years. In July 2017, Adobe said it would end Flash by 2020, and with Chrome holding a 56.8% market share across all platforms, Chrome’s block on the plugin goes a long way toward making that happen. Flash is not entirely removed from the browser: users can still enable it in settings, but be exceptionally careful, since the plugin has long been a favorite target of exploit kits, zero-day attacks, and phishing schemes.

Another change in Chrome 76 is how Incognito Mode behaves. Websites had been detecting Incognito users because Chrome’s FileSystem API was unavailable in Incognito windows, and sites used that failure as a tell. With the version 76 release, that detection method no longer works.

Lastly, a number of vulnerabilities have been addressed, including CVE-2019-5850, CVE-2019-5853, and CVE-2019-5860. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges of the user running the browser, an attacker could then install programs, change data, or create new accounts with full user rights.

Syxsense supports Google Chrome updates by default. There’s no need to even scan the environment for out-of-date versions. A Patch Deployment Task can detect, determine if the update is necessary, and remediate without the need to interrupt end-users or wait around for a policy-based solution to someday address the update.
