Monthly Archives: November 2019

Fake ‘Windows Update’ Installs Ransomware


An executable file disguised as a Windows Update has been dropping the new Cyborg ransomware on its victims.

You’ve Got Mail

An executable file disguised as a Windows Update has been dropping the new Cyborg ransomware. The delivery mechanism claims to originate from Microsoft; however, it directs the victim to an image attachment described as the ‘latest critical update’.

The email-based threat, discovered by researchers at Trustwave and described in a blog post on Tuesday, is unusual in several ways. One is that the attached file carries a .jpg extension even though it is an .exe and runs as one.

An interesting aspect is that the emails carry the subject line “Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!” but only a single sentence in the body, the researchers stated. Malicious emails typically contain more material, socially engineered to lure victims into clicking the malicious files.

“The fake update attachment,” writes Trustwave, “although having a ‘.jpg’ file extension, is an executable file. Its filename is randomized and its file size is around 28KB. This executable file is a malicious .NET downloader that will deliver another malware to the infected system.”
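A defender-side check for the trick described in the quote above, as an added example that is not code from Trustwave or from this post: compare what an attachment's extension claims with what its leading bytes say. The sample attachments and their names are constructed here.

```python
"""Catch attachments whose extension lies about their content.

Added example (not Trustwave's or Syxsense's code): the Cyborg lure was a
Windows executable delivered under a '.jpg' name. Comparing the file's leading
bytes with what its extension claims flags that before anyone double-clicks.
The sample attachments below are constructed, not taken from the campaign.
"""
import os
from typing import Dict, List, Optional

# Leading bytes ("magic numbers") of formats an attachment commonly claims to be.
SIGNATURES: Dict[str, tuple] = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
    "zip": (b"PK\x03\x04",),   # also the container format of docx/xlsx
    "pe": (b"MZ",),            # Windows executable or DLL, .NET assemblies included
}

# What each extension claims to be, mapped onto the signature table above.
EXT_TO_FORMAT = {
    "jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif", "pdf": "pdf",
    "zip": "zip", "docx": "zip", "xlsx": "zip",
    "exe": "pe", "dll": "pe", "scr": "pe",
}


def sniff_format(data: bytes) -> Optional[str]:
    """Identify the real format from the first bytes, or None if unrecognised."""
    for fmt, sigs in SIGNATURES.items():
        if any(data.startswith(s) for s in sigs):
            return fmt
    return None


def classify_attachment(filename: str, data: bytes) -> Dict[str, Optional[str]]:
    """Compare the claimed format (from the extension) with the sniffed one."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    claimed = EXT_TO_FORMAT.get(ext)
    actual = sniff_format(data)
    if actual == "pe" and claimed != "pe":
        verdict = "block"        # executable hiding behind a non-executable name
    elif claimed is None or actual is None:
        verdict = "review"       # unknown extension or unrecognised content
    elif claimed != actual:
        verdict = "quarantine"   # mismatch, but not executable content
    else:
        verdict = "allow"
    return {"filename": filename, "claimed": claimed, "actual": actual, "verdict": verdict}


# Constructed samples: a genuine JPEG header, a Word file (zip container), a
# fake "update" whose bytes are a PE header under a randomised .jpg name, and
# a plain text file with no recognised signature.
SAMPLES: Dict[str, bytes] = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 64,
    "report.docx": b"PK\x03\x04\x14\x00\x06\x00" + b"\x00" * 64,
    "KB_update_7f3a.jpg": b"MZ\x90\x00\x03\x00\x00\x00"
                          + b"This program cannot be run in DOS mode." + b"\x00" * 64,
    "notes.txt": b"plain text, nothing to see here",
}


def scan_all(samples: Dict[str, bytes]) -> List[Dict[str, Optional[str]]]:
    """Classify every attachment in a mailbox-style name -> bytes mapping."""
    return [classify_attachment(name, data) for name, data in samples.items()]


if __name__ == "__main__":
    for r in scan_all(SAMPLES):
        print(f"{r['verdict']:10} {r['filename']:20} claimed={r['claimed']} actual={r['actual']}")
```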

How Cyborg Ransomware Works

According to Trustwave, once the attachment is executed it downloads its payload from GitHub: a file named bitcoingenerator.exe in a repository called btcgenerator. Ironically, the file is the Cyborg ransomware itself, and the only bitcoin generated is whatever the victim pays as ransom. In the sample ransom note provided by Trustwave, the demand is for $500 in bitcoin.

The original name for the generator ‘bitcoingenerator.exe’ is ‘syborg1finf.exe’.

Trustwave then searched VirusTotal looking for the original filename, syborg1finf.exe, and found 3 separate examples of Cyborg. The supposed file extension applied to encrypted files differs between the samples found on VirusTotal and the sample found originally by Trustwave.

“This is an indication that a builder for this ransomware exists,” stated Trustwave. “We searched the web and encountered the YouTube video about ‘Cyborg Builder Ransomware V1.0 [ Preview free version 2019 ]’. It contains a link to the Cyborg ransomware builder hosted in GitHub.”

Trustwave then used the builder to generate a new sample ransomware, finding it very similar to the version it found in the spam campaign: “Only the overlay differs as it contains the data inputted by the builder’s user.”

Ransomware on the Rise

Ransomware has clearly grown over the past few years and is now the fastest-growing threat category, according to ZDNet. Security company Bitdefender analyzed Windows security threats including ransomware, but also coin miners, fileless malware, PUAs (‘potentially unwanted applications’ that can compromise privacy or security), exploits (attacks based on unpatched or previously unknown vulnerabilities) and banking Trojans.

In its findings, Bitdefender reports that ransomware saw the biggest year-on-year increase, a whopping 74.2%. Ransomware also (scarily) ranked first in terms of the total number of reports.

Interestingly, the number of ransomware reports actually dropped during the first half of 2019, largely because the group behind the GandCrab ransomware throttled down their operation. But since then, ransomware reports grew again as new ransomware has emerged to fill the void left by GandCrab (it’s also very possible the same group has restarted operations).

“The fall of GandCrab, which dominated the ransomware market with a share of over 50 percent, has left a power vacuum that various spinoffs are quickly filling. This fragmentation can only mean the ransomware market will become more powerful and more resilient against combined efforts by law enforcement and the cybersecurity industry to dismantle it,” the report said.

Mac Ransomware Matters

Ransomware attacks are clearly on the rise and can affect any device. ZDNet stated that all this focus on Windows means that malware writers have little time for Macs—or at least those owned by the average computer user.

“With Windows remaining a lucrative battlefront, there is little incentive for malware authors to invest time and resources to develop mass-market Mac-centric threats, focusing mostly on advanced and sophisticated threats designed for C-level executives and decision makers,” the report elaborated.

Ransomware may be scarce on macOS, but it has been “easily” targeted by ‘cryptojacking’ operations, attacks using known vulnerabilities, and ‘potentially unwanted applications’.

Recent Ransomware Strikes

Hundreds of veterinary locations (National Veterinary Associates) were hit with the Ryuk ransomware. Earlier this month, the state of Louisiana revealed that multiple state servers were targeted and compromised, and back in August, 23 local governments in Texas were hit with ransomware in one single incident.

Organizations are not adhering to current standards to prevent these types of malicious attacks. Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across an entire environment. A combination of strict security standards and proper offline backups, paired with a secure systems management and security solution, will ensure that organizations are not affected by rising ransomware and other malware events.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Microsoft Still Urging Users to Patch Against BlueKeep Attacks


Microsoft is urging its customers to patch their Windows systems following the report of widespread attacks based on the BlueKeep vulnerability.

BlueKeep Attacks Still Going Strong

Microsoft is urging its customers (once again!) to patch their Windows systems following the report of widespread attacks based on the BlueKeep vulnerability.

The BlueKeep vulnerability (CVE-2019-0708) affects Windows Remote Desktop Services and allows an unauthenticated attacker to execute arbitrary code by sending specially crafted Remote Desktop Protocol (RDP) requests. Microsoft released patches for the vulnerability, including for unsupported versions of Windows, back in May.

Last week, it was reported that multiple honeypots run by researcher Kevin Beaumont had been crashing and rebooting since late October. It was then realized that the BlueKeep ‘Metasploit’ module had been weaponized to deliver a Monero cryptocurrency miner.

BlueKeep Causing Crashes in the Wild

Recent in-the-wild attacks aren’t just affecting unpatched machines. It turns out the exploits, which repurpose the September release from the ‘Metasploit’ framework, are also causing many patched machines to crash as a result of a separate patch Microsoft released 20 months ago for the Meltdown vulnerability in Intel CPUs.

These crashes have also caused many to discount the potential severity of the BlueKeep vulnerability; however, Microsoft urges otherwise.

“Security signals and forensic analysis show that the BlueKeep Metasploit module caused crashes in some cases, but we cannot discount enhancements that will likely result in more effective attacks,” stated Microsoft. “In addition, while there have been no other verified attacks involving ransomware or other types of malware as of this writing, the BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners.”

Marcus Hutchins, aka MalwareTech, the British researcher who helped Microsoft and Beaumont analyze the BlueKeep attacks, pointed out that attackers do not need to create a worm to launch profitable attacks and users should not ignore the threat just because a worm has not yet been created.

Microsoft’s Advice to Users

Microsoft repeated their previous advice since the BlueKeep exploit was made public: patch your systems immediately.

There are still roughly 700,000 systems (running Windows 7, Windows Server 2008 R2, or Windows Server 2008) that appear to be vulnerable to BlueKeep attacks, and even the news of the first wave of in-the-wild attacks last month doesn’t appear to have had any positive impact on patching efforts.

How to Prevent BlueKeep Attacks

Syxsense Manage and Syxsense Secure can easily resolve the vulnerability across the entire environment with a Patch Deploy Task. Simply target all devices for the BlueKeep updates (provided by Syxsense) at a time that’s best for the organization, and rest assured the vulnerability will be remediated within no time.


Worried about Cloud Security? Why On-Premise is More Dangerous


ConnectWise is warning its customers that hackers are targeting its on-premise software to gain access to client networks and install ransomware.

Attackers Targeting On-Premise Software

Remote IT management solutions firm ConnectWise is warning its customers that hackers are targeting its on-premise software to gain access to client networks and install ransomware.

First notifying its customers via Twitter on November 7, ConnectWise said it was aware of “recent reports of malicious actors targeting open ports for ConnectWise Automate on-premises application to introduce ransomware…Please ensure that your ports are not left open to the internet based on our best practices.”

In a separate statement, ConnectWise said that “in an effort to protect our partners, we will not publicly disclose the specific port that is being targeted. We are communicating with our impacted Automate on-premise partners and are happy to answer any questions offline.”

The company is recommending that customers visit a support page and follow the steps provided to secure the on-premise Automate implementations and prevent the attacks. These steps involve closing Automate ports exposed to the internet.

Reaction to the Attacks

Some customers who received this information were confused and wanted to know more, such as the actual ports being exploited or the type of attacks. One such user pointed out that the support page appears to contradict itself by instructing customers to open the ports, then to close them.

ZDNet asked ConnectWise for additional details about the attacks, but the company did not respond. ZDNet went on to state that if customers knew which ports the attackers are targeting, the types of attacks being launched, or what ransomware the hackers are attempting to install, many companies could take preventative measures.

This would be the second time this year that attackers have targeted ConnectWise to penetrate its customer networks and deploy ransomware. In February, a malicious group exploited an outdated plugin for ConnectWise Manage to deploy versions of the GandCrab ransomware on the networks of more than 100 companies, stated ZDNet.

Instead of taking a huge risk by hosting an IT management solution on-premise, as well as forking out more capital for additional assets to host it on, leverage a fully cloud-based solution where every connection is encrypted end-to-end.

Syxsense Manage and Syxsense Secure provide a fully-encrypted experience over 2048-bit encryption, in addition to multi-factor methods, location security, and granular user access.


Microsoft’s November 2019 Patch Tuesday Fixes IE Zero-Day


Microsoft has released 74 Patch Tuesday updates, including 13 Critical updates and a fix for a remote code execution vulnerability in Internet Explorer.

November 2019 Patch Tuesday: What to Expect

Microsoft has released 74 updates today – there are 13 Critical and 61 Important updates to deal with.

CVE-2019-1429 has been released to solve a bug that is being weaponized! This vulnerability should be treated as an ‘Out-of-Band’ update for anyone still using Internet Explorer. Previously, we have suggested moving away from IE—this is yet another reason to look for a safer browser for your business.

Robert Brown, Director of Services for Syxsense said, “The biggest risk our customers can take, is not treating weaponized vulnerabilities seriously enough. Weaponized vulnerabilities are often not the highest severity and aren’t prioritized enough by IT managers and security administrators. In this case, the severity is critical. If the vulnerability was exploited, it could easily be used to spread ransomware or take over a system. Please patch this now.”

Not Critical, But High Priority Patches

CVE-2019-1384 and CVE-2019-1424 have only been ranked as Important by Microsoft; however, their independent CVSS scores are 8.5 and 8.1 respectively. CVE-2019-1384 affects all Windows operating systems from Windows 7 to Windows Server 2019, and an attacker could obtain keys and sign-in messages, rendering some security login audit records redundant. It can also infect other machines.

We believe CVE-2019-1424 is particularly dangerous. If exposed, this vulnerability could downgrade the secure communications channel leading to communications messages being sent to Windows improperly—possibly even intercepted and recorded.

Latest Adobe Patches

Adobe released four patches for Adobe Animate CC, Illustrator CC, Bridge CC, and Media Encoder. The Media Encoder patch includes a critical fix for an out-of-bounds (OOB) flaw that could allow code execution. Both Syxsense and Adobe recommend this Out-of-Band update be deployed within the next 7 days.

November 2019 Patch Tuesday Update

Based on the vendor severity and CVSS score, we have made a few recommendations for what to prioritize this month. Pay close attention to those under Publicly Aware and Weaponized.

| CVE Ref. | Description | Vendor Severity | CVSS Base Score | Publicly Aware | Weaponized | Syxsense Secure Recommended |
|---|---|---|---|---|---|---|
| CVE-2019-1429 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 | No | Yes | YES |
| CVE-2019-1373 | Microsoft Exchange Remote Code Execution Vulnerability | Critical | NA | No | No | YES |
| CVE-2019-1457 | Microsoft Office Excel Security Feature Bypass | Important | NA | Yes | No | YES |
| CVE-2019-1384 | Microsoft Windows Security Feature Bypass Vulnerability | Important | 8.5 | No | No | YES |
| CVE-2019-1424 | NetLogon Security Feature Bypass Vulnerability | Important | 8.1 | No | No | YES |
| CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability | Critical | 8 | No | No | YES |
| CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability | Critical | 7.8 | No | No | YES |
| CVE-2019-1379 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1380 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1382 | Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1383 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1385 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1388 | Windows Certificate Dialog Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1393 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1394 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1395 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1396 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1405 | Windows UPnP Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1407 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1408 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1415 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1416 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1417 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1420 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1422 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1423 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1456 | OpenType Font Parsing Remote Code Execution Vulnerability | Important | 7.8 | No | No | YES |
| CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 | No | No | YES |
| CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 | No | No | YES |
| CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 | No | No | YES |
| CVE-2019-1390 | VBScript Remote Code Execution Vulnerability | Critical | 7.5 | No | No | YES |
| CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical | 7.3 | No | No | YES |
| CVE-2019-1370 | Open Enclave SDK Information Disclosure Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1392 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1433 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1434 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1435 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1437 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1438 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | YES |
| CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability | Critical | 6.7 | No | No | YES |
| CVE-2019-1406 | Jet Database Engine Remote Code Execution Vulnerability | Important | 6.7 | No | No | |
| CVE-2019-1381 | Microsoft Windows Information Disclosure Vulnerability | Important | 6.6 | No | No | |
| CVE-2019-0712 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.8 | No | No | |
| CVE-2019-1309 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.8 | No | No | |
| CVE-2019-1310 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.8 | No | No | |
| CVE-2019-1374 | Windows Error Reporting Information Disclosure Vulnerability | Important | 5.5 | No | No | |
| CVE-2019-1391 | Windows Denial of Service Vulnerability | Important | 5.5 | No | No | |
| CVE-2019-1409 | Windows Remote Procedure Call Information Disclosure Vulnerability | Important | 5.5 | No | No | |
| CVE-2019-1436 | Win32k Information Disclosure Vulnerability | Important | 5.5 | No | No | |
| CVE-2019-1399 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.4 | No | No | |
| CVE-2019-1324 | Windows TCP/IP Information Disclosure Vulnerability | Important | 5.3 | No | No | |
| CVE-2019-1412 | OpenType Font Driver Information Disclosure Vulnerability | Important | 5 | No | No | |
| CVE-2019-1440 | Win32k Information Disclosure Vulnerability | Important | 5 | No | No | |
| CVE-2018-12207 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 | No | No | |
| CVE-2019-11135 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 | No | No | |
| CVE-2019-1439 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 | No | No | |
| CVE-2019-1411 | DirectWrite Information Disclosure Vulnerability | Important | 4.4 | No | No | |
| CVE-2019-1432 | DirectWrite Information Disclosure Vulnerability | Important | 4.4 | No | No | |
| CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability | Important | 4.3 | No | No | |
| CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | |
| CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | |
| CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | |
| CVE-2019-1418 | Windows Modules Installer Service Information Disclosure Vulnerability | Important | 3.5 | No | No | |
| CVE-2019-1234 | Azure Stack Spoofing Vulnerability | Important | NA | No | No | |
| CVE-2019-1402 | Microsoft Office Information Disclosure Vulnerability | Important | NA | No | No | |
| CVE-2019-1425 | Visual Studio Elevation of Privilege Vulnerability | Important | NA | No | No | |
| CVE-2019-1442 | Microsoft Office Security Feature Bypass Vulnerability | Important | NA | No | No | |
| CVE-2019-1443 | Microsoft SharePoint Information Disclosure Vulnerability | Important | NA | No | No | |
| CVE-2019-1445 | Microsoft Office Online Spoofing Vulnerability | Important | NA | No | No | |
| CVE-2019-1446 | Microsoft Excel Information Disclosure Vulnerability | Important | NA | No | No | |
| CVE-2019-1447 | Microsoft Office Online Spoofing Vulnerability | Important | NA | No | No | |
| CVE-2019-1448 | Microsoft Excel Remote Code Execution Vulnerability | Important | NA | No | No | |
| CVE-2019-1449 | Microsoft Office ClickToRun Security Feature Bypass Vulnerability | Important | NA | No | No | |
| CVE-2019-1454 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | NA | No | No | |
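One way to turn the prioritisation argued for in this post (weaponized first, then publicly known, then anything Critical or with a high CVSS score so the “Important” 8.5 and 8.1 entries are not buried) into a repeatable deployment order, as an added example that is not Syxsense’s own tooling. The rows are copied from the table above; the tier rule and the 8.0 threshold are assumptions.

```python
"""Order Patch Tuesday advisories for deployment.

Added example, not Syxsense's own tooling. It encodes the prioritisation the
post argues for: weaponized bugs first, then publicly disclosed ones, then
anything Critical or with a high CVSS score, then the rest. The rows below are
copied from the table in the post; the tier rule and HIGH_CVSS are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumed threshold: an "Important" bug scoring CVSS >= 8.0 is treated like a
# Critical one, which is what the "Not Critical, But High Priority" section asks for.
HIGH_CVSS = 8.0

# Rows in the table's flattened column order. The last column ("Syxsense Secure
# Recommended") is present only on some rows, which the parser must tolerate.
SAMPLE_ROWS = [
    "CVE-2019-1429 Scripting Engine Memory Corruption Vulnerability Critical 7.5 No Yes YES",
    "CVE-2019-1373 Microsoft Exchange Remote Code Execution Vulnerability Critical NA No No YES",
    "CVE-2019-1457 Microsoft Office Excel Security Feature Bypass Important NA Yes No YES",
    "CVE-2019-1384 Microsoft Windows Security Feature Bypass Vulnerability Important 8.5 No No YES",
    "CVE-2019-0721 Hyper-V Remote Code Execution Vulnerability Critical 8 No No YES",
    "CVE-2019-1406 Jet Database Engine Remote Code Execution Vulnerability Important 6.7 No No",
    "CVE-2019-1426 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No",
]


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    severity: str          # vendor rating: Critical / Important / ...
    cvss: Optional[float]  # None where the table says "NA"
    public: bool           # publicly disclosed before the patch
    weaponized: bool       # exploitation observed in the wild


def parse_row(line: str) -> Advisory:
    """Parse one row: CVE, free-text title, severity, CVSS, public, weaponized[, YES]."""
    parts = line.split()
    if parts[-1] == "YES":            # optional trailing "recommended" marker
        parts = parts[:-1]
    cve, severity, cvss_text, public, weaponized = (
        parts[0], parts[-4], parts[-3], parts[-2], parts[-1])
    cvss = None if cvss_text.upper() == "NA" else float(cvss_text)
    return Advisory(cve, " ".join(parts[1:-4]), severity, cvss,
                    public == "Yes", weaponized == "Yes")


def tier(a: Advisory) -> int:
    """Urgency bucket; lower is more urgent."""
    if a.weaponized:
        return 0
    if a.public:
        return 1
    if a.severity == "Critical" or (a.cvss is not None and a.cvss >= HIGH_CVSS):
        return 2
    return 3


def prioritize(rows: List[str]) -> List[Advisory]:
    """Sort by tier, then CVSS descending (unknown CVSS last), then CVE id."""
    advisories = [parse_row(r) for r in rows]
    return sorted(
        advisories,
        key=lambda a: (tier(a), -(a.cvss if a.cvss is not None else -1.0), a.cve),
    )


def deployment_order(rows: List[str]) -> List[str]:
    """Just the CVE ids, in the order they should be rolled out."""
    return [a.cve for a in prioritize(rows)]


if __name__ == "__main__":
    for a in prioritize(SAMPLE_ROWS):
        print(f"tier {tier(a)}  {a.cve:15} {a.severity:9} cvss={a.cvss}  {a.title}")
```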


Windows 10 1909 is Preparing for Release this Month


Microsoft is eagerly preparing Windows 10’s November 2019 Update for release in the coming weeks—the easiest and quickest Feature Update yet.

What to Expect from the Windows 10 November Update

Microsoft is eagerly preparing Windows 10’s November 2019 Update for release within the next few weeks. Codenamed 19H2, the November release will be referred to as “version 1909,” and will be the smallest, quickest, and easiest Feature Update yet.

Contrary to the 1903 (May 2019) Update that included a mass collection of enhancements and features, the next release “will be a scoped set of features for select performance improvements, enterprise features, and quality enhancements,” stated Microsoft. Put simply, this next feature update will be more like a service pack or cumulative update and shouldn’t affect end-users as much as any previous update has done.

Since the Windows 7 operating system reaches end of support on January 14, 2020, Microsoft has been striving to get this one right, and there is evidence of that. As of September 5, Microsoft stated that every Windows Insider in the “Release Preview” ring had been offered the new November update. When the October 2018 Update was released last year, there was no testing in the “Release Preview” ring, and a whole slew of issues arose, leaving a distinctly sour taste for many users. On October 10, Microsoft stated that Windows Insiders in the Release Preview ring had already received what Microsoft expects to be the final build.

New Features in Windows 10 1909

Here is the list of new features being introduced as part of the newest update (as provided directly from Microsoft):

  • Third-party digital assistants can activate above the Lock screen using voice commands
  • Quickly create an event straight from the Calendar flyout on the Taskbar. Just select the date and time at the lower right corner of the Taskbar to open the Calendar flyout, pick your desired date and start typing in the text box – you’ll now see inline options to set a time and location
  • The navigation pane on the Start menu now expands when you hover over it with your mouse, to better show where clicking will go
  • Friendly images show what is meant by “banner” and “Action Center” when adjusting the notifications of apps, making these settings more approachable and understandable
  • Notification settings under Settings > System > Notifications now default to sorting notification senders by most recently shown notification, rather than by sender name. This makes it easier to find and configure frequent and recent senders. Microsoft has also added a setting to turn off playing a sound when notifications appear
  • Options to configure and turn off notifications from an app/website are shown right on the notification, both as a banner and in Action Center
  • A “Manage notifications” button at the top of Action Center launches the main “Notifications & actions” Settings page
  • Additional debugging capabilities for newer Intel processors (only for hardware manufacturers)
  • General battery life and power efficiency improvements for PCs with certain processors
  • A CPU may have multiple “favored” cores (logical processors of the highest available scheduling class). To provide better performance and reliability, a rotation policy that distributes work more fairly among these favored cores has been implemented
  • Windows Defender Credential Guard for ARM64 devices has been enabled, for additional protection against credential theft for enterprises deploying ARM64 devices in their organizations
  • The search box in File Explorer is now powered by Windows Search. This change helps integrate online OneDrive content with the traditional indexed results
  • Narrator and other assistive technologies can now read and learn where the FN key is located on keyboards and what state it is in (locked versus unlocked)

Like any Feature Update, it can be deferred on business editions of Windows 10 leveraging Group Policy or Windows Update for Business settings. Organizations that run Windows 10 Enterprise edition version 1909 will have full update support for 30 months (like any Fall Update), until well into 2022.

Manage and Secure Your Environment

Easily deploy Windows Feature Updates with Syxsense Manage and Syxsense Secure. View an accurate count of all your Windows 10 devices and what version of Win10 is installed. Get started with a free trial of one of our simple and powerful solutions.


Google Reveals Severe Zero-Day Vulnerabilities in Chrome


Google has released a software update to the Chrome browser that patches two severe zero-day vulnerabilities that could allow the browser to be hijacked.

Zero-Day Vulnerabilities Found in Google Chrome

Google has released a software update to the Chrome browser that patches two zero-day vulnerabilities that could potentially allow the browser to be hijacked by attackers.

One flaw affects the browser’s audio component (CVE-2019-13720) while the other vulnerability affects the PDFium library (CVE-2019-13721).

Google is urging users to update to the latest version as soon as possible. This includes Windows, Mac, and Linux devices as the version rolls out over the next few days.

“This version addresses vulnerabilities that an attacker could exploit to take control of an affected system, “ stated the Cybersecurity and Infrastructure Security Agency alert. “One of these vulnerabilities (CVE-2019-13720) was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.”

Prevent Arbitrary Code Execution

The main bug (CVE-2019-13720) is a use-after-free flaw: a memory corruption bug in which memory is accessed after it has been freed. Use-after-free typically leads to a range of harmful effects, from programs becoming unstable to the execution of arbitrary code, sometimes even enabling full remote code execution.

The second bug (CVE-2019-13721) was discovered in the PDFium library, which was developed by Foxit and Google and gives developers an open-source library for viewing and searching PDF documents. This vulnerability is also a use-after-free, but there have been no reports of it being exploited in the wild. It was disclosed by a researcher under the alias “bananapenguin”, who received a $7500 bounty through Google’s vulnerability disclosure program.

These are considered the second round of Chrome zero-days detected this year, since back in March, Google patched another Chrome zero-day (CVE-2019-5786) which was being used together with a Windows 7 zero-day (CVE-2019-0859).

Google has stated that the update to the browser will be rolling out to users automatically over the coming days; however, all Chrome users should opt for a manual update as soon as possible.

How to Manage Chrome Vulnerabilities

Leveraging a systems management solution with an up-to-date library of third-party products could easily alleviate the issue across organizations. Syxsense provides Chrome updates same-day and allows for an exceptionally smooth process with a Patch Deploy task.

Simply target all devices for the newest Chrome 78 update and the pre-packaged detection will determine if devices do/do not require the update; if they require it, the update will be automatically applied and the vulnerability remediated.


BlueKeep Attacks Arrive with Cryptomining Malware


The first wave of attacks exploiting the BlueKeep vulnerability have been detected by security researchers. What actions should your IT team take?

The First BlueKeep Attacks Have Struck

The first wave of attacks exploiting the BlueKeep vulnerability has been detected by security researchers; however, the flaw is not being used as a self-spreading worm, as Microsoft had been warning about since May of this year.

The recent attacks have instead been using a demo BlueKeep exploit to hack into these unsecured and unpatched Windows systems to install a cryptocurrency miner, stealing processing resources from various devices across the globe.

Interestingly, instead of a worm that migrates automatically and spreads instantaneously, the attackers have leveraged the vulnerability’s replicating capability to scan for other vulnerable devices on the Internet to exploit.

What Security Researchers Learned About BlueKeep

Researcher Kevin Beaumont, the expert who named the vulnerability BlueKeep, has been running a worldwide honeypot network (named BluePot) to catch exploitation attempts. The attacks appear to have begun on October 23, when Beaumont’s honeypots started crashing and rebooting, but he only realized on November 2 that BlueKeep exploitation attempts were the cause.

Beaumont analyzed the attacks with assistance from British researcher Marcus Hutchins, and they determined that the attackers behind the campaign have been using the BlueKeep Metasploit module, released in early September of this year, to deliver a Monero miner. Monero is a cryptocurrency that relies on proof-of-work mining to achieve distributed consensus, which is what makes stolen CPU time worth something to the attacker.

According to various sources, the attackers do not appear to have attempted to build a worm that spreads inside a network, and Beaumont stated that the attempts crashed 10 of the 11 honeypots he was running, a sign that the exploit still fails far more often than it succeeds.

“In conclusion, so far the content being delivered with BlueKeep appears to be frankly a bit lame – coin miners aren’t exactly a big threat – however it is clear people now understand how to execute attacks on random targets, and they are starting to do it. This activity doesn’t cause me to worry, but it does cause my spider sense to say ‘this will get worse, later’,” Beaumont wrote in a blog post.

How to Handle BlueKeep

It’s clear the BlueKeep vulnerability is still dangerous: it is an unauthenticated, remotely triggerable flaw in Remote Desktop Services, and a reliable exploit would have far worse consequences than a coin miner. At this time, attackers simply haven’t gotten it right, as the crashed honeypots show.

But why take your chances? Microsoft has had patches for the BlueKeep vulnerability (CVE-2019-0708) available since May 2019 for every operating system it affects:

  • Windows XP
  • Windows Server 2003 R2
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2

Patching is the only complete fix. Until every host is updated, requiring Network Level Authentication (NLA) for RDP blocks the pre-authentication path the exploit relies on, and RDP should not be reachable directly from the Internet at all; neither measure replaces the update. Syxsense Manage and Syxsense Secure resolve the vulnerability across the entire environment with a Patch Deploy Task: target all devices for the BlueKeep updates (provided by Syxsense) at a time that suits the organization, and the vulnerability is remediated in short order.


Verismic Software Launches Rebrand to Syxsense and New Product Offerings, Reinforcing its Mission to Strengthen Endpoint Security


Verismic Software Launches Rebrand to Syxsense, Reinforcing its Mission to Strengthen Endpoint Security

The New Name, Syxsense, Expresses Company’s Focus on Protecting the Endpoint with Powerful AI-enabled Solutions That “Know All”

ALISO VIEJO, Calif. (November 4, 2019) – Verismic Software, a global leader in IT- and security-management solutions, announced today a comprehensive rebranding and repositioning of its products and messaging. This major initiative makes Syxsense the world’s first IT and security-solution provider to offer patch management, vulnerability scans, and Endpoint Detection and Response (EDR) capabilities in a single console.

Syxsense has created innovative and intuitive technology that sees and knows everything, making it able to secure every endpoint, in every location, everywhere inside and outside the network, as well as in the cloud. Artificial intelligence (AI) helps security teams predict and root out threats before they happen, and swiftly make them disappear when they do.

“Syxsense combines the power of artificial intelligence with industry expertise to manage and secure endpoints by stopping threats before they occur and neutralizing threats when they happen,” commented Ashley Leonard, CEO of Syxsense.

“By owning an IT management tool, IT professionals can patch to reduce the risk of a problem,” Leonard continued. “By owning an EDR tool, you can monitor a breach and quarantine a device. By combining both, Syxsense allows IT and security teams to eliminate many breaches by patching, track and quarantine potential breaches, and then remediate the environment after a security event—all in real-time.”

At the heart of the rollout is Syxsense Manage, a cloud-native offering that does the heavy lifting by collecting and collating a library of patches and updates. This allows IT professionals to deploy updates with AI-driven natural language and voice control. When the need arises, users have access to dashboards, query builders, and remote-control functions that provide insight into device health, inventory, and timelines allowing IT managers to troubleshoot and diagnose issues.

Syxsense Manage, therefore, becomes the IT managers’ “endpoint everything,” allowing them to see and manage all endpoints both inside and outside the network as well as in the cloud, with coverage for all major operating systems and endpoints, including IoT devices, physical and virtual devices, and all major cloud vendors. More importantly, they can complete day-to-day tasks and updates with ease and efficiency.

The companion offering, Syxsense Secure, brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams responsible for protecting businesses from cyber-attacks. It is the only cloud-native product on the market that truly combines endpoint management and endpoint security into a single unified offering. What’s more, it is tailored to the exact needs of companies that have limited resources and consolidated IT management and security functions in the same department.

Syxsense Secure includes proactive, always-on monitoring for malicious processes, automated device quarantine, real-time alerting, and live data that delivers insights in real-time to provide even greater visibility into the health of all the endpoints across your network. It is built on endpoint management technology that creates a baseline defense against known threats by ensuring devices are current with the latest software updates and security patches. This provides total visibility into the enterprise and eliminates blind spots so security managers can immediately detect anomalies that indicate an imminent or active threat.

By analyzing endpoint activity, Syxsense Secure predicts threats before they become breaches. Built on real-time, always-on endpoint monitoring, when breaches do happen, Syxsense knows how the attack entered the environment, how it spread, which data, files, and devices were impacted, and whether the threat has been neutralized in its entirety to prevent future vulnerabilities.

“Organizations are now able to combine and strengthen cybersecurity and IT management across their enterprise, enabling IT-SecOps convergence and digital transformation, improving enterprise performance while reducing the cost of cybersecurity,” concluded Leonard. “The Syxsense Endpoint Security Cloud, the overarching platform for Secure and Manage, provides multiple industry-proven capabilities in a single dashboard to simplify cybersecurity management and better protect people, businesses and assets from evolving cyber threats.”

About Syxsense

Syxsense is the leading provider of innovative, intuitive technology that sees all and knows everything about every endpoint, in every location, everywhere inside and outside the network, as well as in the cloud. It combines the power of artificial intelligence with industry expertise to manage and secure endpoints by stopping threats before they occur and neutralizing threats when they happen. The Syxsense Endpoint Security Cloud always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. https://www.syxsense.com

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
