Monthly Archives

May 2020


Why WSUS and Remote Work are Incompatible

By Blog


How do you keep a remote workforce secure? WSUS is not only a nightmare for work-from-home, it could also be putting your network at risk.

Securing Remote Devices for COVID-19

As the COVID-19 pandemic continues to stretch across the globe, many organizations are protecting their employees and communities by maintaining a remote workforce, creating an entirely different health concern: keeping devices secure.

Connecting these large numbers of home users to corporate resources is pushing enterprise VPNs to the breaking point. Imagine hundreds, if not thousands, of remote devices checking in to the same corporate environment via VPN. These devices will require security updates at least monthly, and that can cause severe contention on that same connection.

For Windows devices, which many administrators patch using WSUS, the average combined Patch Tuesday of Windows and third-party updates from December 2019 to the present is 1.5GB – 1.6GB per device. An organization managing 500 remote devices alone may expect up to nearly a terabyte of outbound traffic to keep the devices patched and up-to-date.

If you’re still using WSUS for patch management, there’s a better strategy for managing and protecting your business.

WSUS Creates Massive Headaches for Remote Work

With or without VPN, WSUS alone can be a nightmare. First of all, it’s a Windows-only solution, which limits its usefulness. Devices require direct access to the WSUS server (or to several WSUS servers, which only adds to the headache), and sync failures are common. Administrators are forced to manually approve each and every update, and there is no support for third-party applications whatsoever.

There’s a massive dependency on Group Policy management, which limits the effectiveness for roaming devices, as well as the on-premise content repository that must be constantly maintained. Even if patching is successful, how do you know? Reporting is always limited and end-users are known to defer reboots indefinitely. It’s hardly an update service, and more of a burden.

What should organizations do?

The simple solution is to migrate all patching services, both operating system and third-party (which WSUS cannot provide), over to a cloud-based architecture. Forget managing Classifications on-premise with WSUS. Forget standing-up WSUS replica servers, which increase administration and storage costs. Forget relying on the work-from-home users to connect via VPN to manage them.

Syxsense is a fully cloud-based solution that helps organizations better secure their endpoints through software patching, deployment, remote assistance, and vulnerability scanning. By default, Syxsense provides auto-approval strategies to ensure the right updates are approved while leaving the optional and problematic updates to the side.

The solution follows the same security protocols as VPN to adhere to any industry: 2048-bit encryption, multi-factor authentication, and even location security so that only specified networks have access for management.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Whitepaper: Avoiding Patch Doomsday

By Patch Management


In order to avoid Patch Doomsday, it is important for every organization to implement a strong patch management process.

Patch Management is More Critical than Ever

IT problems of any kind can have a negative impact on business success. At the same time, it can be shocking to learn that unpatched operating systems and application software are often responsible for the most IT problems.

Patches that resolve these problems are available—they are simply not being applied.

To reduce all of these issues and avoid Patch Doomsday, it is important for every organization to implement a strong patch management process.

Whitepaper

Avoiding Patch Doomsday

Unpatched applications and systems not only expose security risks, they also open the door to data loss and corruption, as well as performance and availability issues. Read our whitepaper to explore our best patch management practices and strategies.

Download PDF Guide


How Vulnerability Scanners Help Work From Home

By Blog


Although conventional vulnerability scanners require a server setup on-premise to support devices, Syxsense allows devices from anywhere to check in and run security scans.

What is a Vulnerability Scanner?

Vulnerability scanners scan a computer and raise an alert if they discover any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network.

Vulnerability scanners are not complete security solutions, but they are one small part of a good security strategy. Most do not actively prevent attacks; they are tools that check your computers for weaknesses that attackers could exploit. It is up to the system administrator to patch those weaknesses in order to turn the findings into an actual security improvement.

How Vulnerability Scanning Helps Remote And Home Users

That is where Syxsense Secure comes in. Syxsense Secure is the first product to combine IT management, patching, and security vulnerability scans in a single cloud solution. Now IT has the ability to manage and secure vulnerabilities and security weaknesses exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers and those on the corporate network.

The vulnerability scanner assesses items such as user security and port status. At a time when organizations are sending their fleet home, the biggest concern is end-user security awareness and whether or not they’re following protocol. Proactively validating these attack vectors allows for a safer work-from-home experience.


The Ultimate Strategy for Server Patching

By Patch Management


Patching server environments is critical for preventing internal and external attacks. Discover the key success factors and strike a balance between effectiveness and efficiency.

Patching for Servers

Remediating server environments is crucial both to protect the environment from internal and external attacks and to ensure stability and performance. Downtime, duration, and frequency are the key factors when patching servers, along with a healthy balance between effectiveness and efficiency.

When patching servers, downtime must always be minimized. A suitable downtime strategy should be utilized so that reboots are only performed when necessary, ensuring a faster operational turnaround when many updates are needed.

An effective patching strategy requires devices to be successfully remediated with few or no pending issues. An efficient one means the devices have been targeted with little downtime or resource use; efficiency on its own, however, is no clear measure of success.

Ensuring an effective and efficient approach allows the end goal (a healthy environment) to be achieved at the lowest cost possible.

Change Management

One important factor in patching, and in achieving an effective remediation strategy, is change management. It provides awareness of upcoming changes in the environment and also helps from an auditing perspective.

Every organization has its own defined process based on its business needs. It’s highly recommended to use the Standard Change Template, since remediation is a mandatory activity that must be performed on a monthly basis.

Scheduling

Frequency and duration are additionally important to ensure efficiency. As mentioned, downtime must be minimized and scheduling appropriately helps to mitigate this risk.

For example, Microsoft recommends patching servers monthly; not quarterly. Plan the various scopes for patching and segregate the environment accordingly, such as Development, then User Acceptance, then Production, then Disaster Recovery.

When taking this approach and preparing any stakeholders/users for downtime, notifications may be sent beforehand so that the audience can best prepare. Gathering all information beforehand also allows for scheduling to be a simple process so that each additional month is easier than the last.

Ensure a proper communication channel is supplied so that there are no surprises.

Compliance and Reporting

Real-time task functionality displays the remediation stage of each and every server device, whether it is detecting, applying updates, or rebooting.

Pre- and post-patching reports are provided in numerous templates, including:

  • Detected Patches by Device
  • Top X Vulnerable Devices
  • Patch Deployment History by Device/Patch
  • HIPAA Compliance
  • SOX Compliance
  • PCI DSS Compliance
  • Security Risk Assessment

Where Syxsense Manage Fits

Syxsense Manage allows all aspects of the patching process to be easily organized and prepared. Every patching task addresses the high level questions in a step-by-step format: where, what, and when.

Where

By organizing the inventory beforehand, the question of “where” is easily prepared. This also doesn’t need to be re-created every month. Leveraging site locations or dynamic filters based on inventory and/or logical organization data, the question of “where” only needs to be asked on the front-end.

What

Following change management procedures, patch content can be easily organized using patch groups. This ensures only the approved patches are deployed with each scheduled deployment task.

Keeping things easy: an approval strategy can also be skipped altogether by leveraging Syxsense Manage’s built-in detection logic, so that only the applicable updates are deployed and the non-applicable updates are simply skipped.

Patch filters can also be used to dynamically deploy updates that share a common value, such as “Critical Patches”, leaving out the other updates of lower severity.

When

The toughest question is “when” and of course: when is best?

Every organization is different and Syxsense Manage provides multiple avenues for scheduling, such as on-demand, recurring in weekly intervals with missed-task options, as well as formal maintenance windows and blackout hours.

The most widely used option for server patching is maintenance windows. These establish pre-approved schedules that can be re-used every following month, while also protecting users by bounding the duration of the work.

Maintenance windows can be scheduled at various times of day, daily, weekly, and monthly.

Reboots

Rebooting servers is where the concept of downtime comes into play.

Reboots can be forced for all devices or for none; however, a reboot will typically be required every single month and must be applied to secure the device with the latest updates.

Going back to the “where” step, devices can be targeted based on which require a reboot and which do not, ensuring only those that do will receive the reboot and others will not be touched.

Validating with end-users: although servers may not have an end-user, custom messages and timers can always be supplied so that the reboot may be postponed by the administrator.

Measuring downtime: by using real-time task functionality, Syxsense Manage can always visualize the reboot duration and the choices made by end users.

Types of Servers

  • Physical
  • Virtual
  • On-Premise (Private)
  • Cloud (Public or Hybrid)

Operating Systems Supported

Windows

  • Windows Server 2008 R2
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Linux

  • Red Hat 5.6, 5.7, 6.0, 6.5, 6.6, 6.8, 6.10, 7.1, 7.4, 7.6, 7.7, 8.1
  • Debian 6, 7, 8.5, 9, 10
  • SUSE 12,15
  • Oracle 5.8, 6.4, 6.7, 6.8, 7.0
  • Ubuntu 14, 16, 18
  • CentOS 6.8, 6.10, 7, 7.5
  • Fedora 13, 14


5 Biggest Mistakes In Patch Management

By Patch Management


Patching is a major challenge for IT professionals everywhere. Find out how to avoid making the top mistakes that can significantly impact your environment.

1. Putting Off Patching

There is no question: you need to patch.

Every software product has bugs, and many have security vulnerabilities. Unfortunately, people around the world, including state security services, are trying to find and exploit these holes. The vast majority of security incidents exploit vulnerabilities that have already been addressed by a fix.

For example, in the case of WannaCry, Microsoft released an update that addressed the vulnerability two months prior to the worldwide attack. By putting off patching, you leave your environment completely vulnerable to exploits and ransomware.

There is no excuse for not having a strong patch management strategy. This doesn’t mean worrying about it for a week every time something like WannaCry hits the press. When the next doomsday strikes, you should be completely bulletproof.

2. Giving Admin Rights to Everyone

One approach for patching is giving all users local administrator rights to let them take care of patching. What are the issues with this approach? Will all users install those patches?

We’ve seen Windows Update reporting 100+ patches waiting to be installed. By giving users administrator rights, you are creating a huge future attack surface. End users are typically not as vigilant about clicking links in emails and opening attachments, which can now infect their PC using their administrator rights.

Once infected, the local network can be leveraged to distribute the infection. Even in locked down environments, if an application is having trouble running, granting administrator rights will solve the problem but also create a new security gap.

It is worth the time to work out the specific permissions needed by an application rather than granting blanket administrator rights. There are simply too many risks involved.

3. Letting Vendors Auto-Update

Many operating systems and third-party applications have self-updating technology. This might seem like a great idea, however if devices are correctly locked down, the user may not have permissions to install the updates. By allowing the vendor to push out updates, there is a chance you will end-up breaking critical business applications.

One of the best examples of this is Java updates. Unfortunately, patches don’t go through the same level of software testing that a full software release typically might. This means patches can often have their own significant bugs. We have seen many examples of companies like Microsoft recalling patches because of major issues.

4. Relying on WSUS

Microsoft provides enterprises a popular tool to manage software updates: Windows Server Update Services (WSUS). However, many organizations make the mistake of thinking they are protected because they use this program. WSUS does not provide sufficient reporting, so as an administrator there is no way to know if you are completely protected.

Questions you should be asking:

  • Has the patch been successfully deployed?
  • How can I find out my patch compliance level?
  • Is there any way to show this to management?

WSUS also focuses on distributing Microsoft’s own patches, but what about third-party software applications or non-Microsoft operating systems? It’s important to always reevaluate your approach.

5. Not Thinking Bigger

Even with a locked down security environment or running WSUS, you could still be at risk. What about your Linux and Mac devices? What about social engineering attacks that cause users to give up usernames and passwords? What about third-party applications, such as Adobe Flash and Java?

Patch management best practices are crucial. It’s important to select a solution that overcomes the key challenges in developing a patch management process.

How Patch Management with Syxsense Helps

  • Identify all devices that can access your network
  • Determine existing patch levels
  • Identify and prioritize new patches
  • Reduce IT staff time spent on patching
  • Manage your environment, including third-party patches


Incomplete Patch for Reverse RDP Attacks Leaves Clients Vulnerable

By Blog, Patch Management


Although Microsoft previously patched a vulnerability related to reverse RDP attacks, researchers discovered that third-party RDP clients are still completely vulnerable.

RDP Vulnerabilities Continue to Be Exploited

Remote Desktop Protocol (RDP) has been used for over a decade to let Windows client PCs and devices remotely access and administer other computers. However, it’s also one of the most notorious services when it comes to increased risk.

Over the years, attackers have wreaked havoc across nearly every country by exploiting RDP vulnerabilities, costing organizations (private and public) millions of dollars in recovery. After all this time, it’s no surprise that such remote flaws exist, and yet organizations continue to rely on the protocol.

The Danger of Reverse RDP Attacks

In a blog post published Thursday, Check Point explained how a Reverse RDP attack works. In their example, a user attempts to connect to a remote device within the corporate network; however, that device has already been infected by malware. The malware then gives the compromised remote device the ability to attack the user’s own device in turn. The attack is known as Reverse RDP because the user thinks they’re controlling the remote device, when in fact it is the opposite.

Reverse RDP isn’t brand new. In fact, Check Point highlighted it to the industry at BlackHat 2019 and later in October the same year, Microsoft patched the flaw (CVE-2019-0887).

“We assumed this patch meant the vulnerability was indeed fixed,” Check Point stated regarding their initial findings, “and we even mentioned it in our previous blog post: ‘…the fix matches our initial expectations, our Path Traversal vulnerability is now fixed.’”

Check Point then learned that the update itself had flaws of its own that allowed an attacker to work around it. To mitigate this, Microsoft released a further update addressing the flaw (CVE-2020-0655).

The Problem with the Patch

Upon further investigation, Check Point most recently discovered that Microsoft’s patch does not address the core vulnerability in an associated API that triggered the problem in the first place (PathCchCanonicalize).

“We fear that just like the Reverse RDP scenario that we just demonstrated the implications of a simple bypass to a core Windows path sanitation function may pose a serious risk to many other software products. We therefore urge all software developers and security researchers to be aware of this vulnerability, and make sure their own software projects are manually patched.”

At this time, Microsoft has yet to offer any explanation as to why it hasn’t resolved the issue, although Check Point stated they’ve notified the vendor.

How to Take Action

“IT staff in large enterprises that use Windows should install Microsoft’s February Patch, CVE 2020-0655, to make sure their RDP client is protected against the attack we’ve presented in BlackHat USA 2019. The second part is addressed to developers worldwide. Microsoft neglected to fix the vulnerability in their official API, and so all programs that were written according to Microsoft’s best practices will still be vulnerable to a Path-Traversal attack. We want developers to be aware of this threat, so that they could go over their programs and manually apply a patch against it.” – Omri Herscovici, Check Point
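The quote above asks developers not to trust a single path sanitation call but to check their own code. As an added illustration (not code from Check Point, Microsoft, or Syxsense, and not a description of the RDP bypass itself), the Python below contrasts a naive string-prefix check with a containment check that canonicalizes the path and then compares it component by component against the intended base directory. The base directory and sample inputs are constructed for the example, and ntpath is used so the Windows-style check runs on any host.

```python
import ntpath

# Constructed sample base directory for the illustration (Windows-style path,
# evaluated with ntpath so the check behaves the same on any host).
BASE_DIR = r"C:\Users\victim\Desktop"


def naive_contains(base_dir: str, full_path: str) -> bool:
    """A common but flawed check: a plain string prefix test.

    It accepts a sibling directory such as DesktopEvil as being "inside"
    Desktop, and it says nothing about whether full_path was canonicalized.
    """
    return full_path.lower().startswith(base_dir.lower())


def safe_join(base_dir: str, untrusted_rel: str):
    """Resolve an untrusted relative path under base_dir and confirm containment.

    Returns the canonical destination path, or None if the input is rejected.
    No single sanitation call is trusted: the path is canonicalized, then
    compared whole-component by whole-component against the base directory.
    """
    base = ntpath.normpath(base_dir)

    # Absolute, drive-qualified or UNC inputs never belong under base_dir.
    if ntpath.isabs(untrusted_rel) or ntpath.splitdrive(untrusted_rel)[0]:
        return None

    # normpath collapses '.' and '..' segments and treats '/' and '\' alike,
    # so mixed separators cannot be used to slip a '..' past the check.
    full = ntpath.normpath(ntpath.join(base, untrusted_rel))

    # commonpath compares whole path components (case-insensitively for
    # Windows-style paths), so a sibling such as DesktopEvil does not match.
    try:
        if ntpath.commonpath([base, full]) != base:
            return None
    except ValueError:
        # Different drives, or a mix of absolute and relative paths.
        return None
    return full


if __name__ == "__main__":
    samples = [r"docs\report.pdf", r"..\..\Startup\evil.exe",
               "../../Startup/evil.exe", r"..\DesktopEvil\x", r"C:\Windows\x"]
    for s in samples:
        print(f"{s!r:32} -> {safe_join(BASE_DIR, s)!r}")
```

The `..\DesktopEvil\x` case is the one a prefix test gets wrong: `naive_contains` accepts it, while `safe_join` rejects it because `DesktopEvil` is a different component from `Desktop`.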

How can IT departments reliably verify that RDP, along with other potential security holes, has actually been checked? The answer is simple: use a vulnerability scanner.

RDP is just one piece of the puzzle—a popular one, no doubt, but there are other flaws to look out for: backdoors, crypto mining, peer-to-peer applications, open ports, SNMP, and even the configured Windows policies. All must be checked routinely for potential misconfiguration or susceptibility. Now that employees are working from the couch with a corporate device, or even their own, the need for heightened security has never been greater.

Syxsense Secure offers a thorough definitions library so that devices on or off-premise can be securely checked for any of these popular vulnerabilities. This is in contrast to most conventional vulnerability scanners, which must be stood up on-premise with new or existing hardware, licensing, and corporate firewall rules.

Additionally, Syxsense Secure includes Syxsense Manage, where patch management comes standard. Conventional tools fall short due to the lack of any remediation capabilities as well as rudimentary patch definitions. Once devices are checked, exportable reports can easily be emailed on set schedules so that newly-discovered vulnerabilities can easily be identified and sent to the proper parties, whether in-house or third-party.


Watch the Webcast: What You Need to Know For May Patch Tuesday

By Patch Management, Patch Tuesday, Video


Watch the recording of our latest webcast to hear industry experts dive into May Patch Tuesday and prioritizing the latest updates.

Prioritize May Patch Tuesday Vulnerabilities

As the IT landscape continues to change, it’s never been more important to have a solid Patch Tuesday strategy.

Our webcast will show you how to prioritize the latest updates for this month’s Microsoft Patch Tuesday. We’ll do a deep dive into each of the bulletins and show you how to navigate the risks of newly-identified vulnerabilities.

Our team of IT management experts have deployed over 100 million patches. Join our free webinar to get industry-leading patch management strategies delivered right to your desk.

View the Webcast

What You Need to Know: May Patch Tuesday


U.S. Government Shares Most Exploited Vulnerabilities Since 2016

By Blog


The CISA and FBI have sent an alert to organizations about an increased priority on patching the most commonly exploited vulnerabilities.

CISA & FBI Want Organizations to Prioritize Patching

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government have provided technical guidance to all public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors.

The alert addresses a number of separate vulnerabilities from the past eight years that foreign attackers appear to have been exploiting. It’s also notable because it is not just an advisory from CISA, but comes directly from the FBI and the U.S. government as well.

“Foreign cyber actors continue to exploit publicly known – and often dated – software vulnerabilities against broad target sets, including public and private sector organizations,” the alert elaborated. “Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available.”

The alert continued with stating that all organizations could greatly alleviate such foreign threats to “U.S. interests through an increased effort to patch their systems and implement programs to keep system patching up to date. A concerted campaign to patch these vulnerabilities would introduce friction into foreign adversaries’ operational tradecraft and force them to develop or acquire exploits that are more costly and less widely effective.”

In addition to the alert specifying a number of exploits among various operating systems and products, CISA, the FBI, and the U.S. Government recommend that all organizations transition away from any end-of-life software since these clearly receive no additional support or mitigation.

Most Exploited Vulnerabilities

The most exploited vulnerabilities listed by CISA are (in chronological order):

“Of the top 10, the three vulnerabilities used most frequently across state-sponsored cyber actors from China, Iran, North Korea, and Russia are CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158. All three of these vulnerabilities are related to Microsoft’s OLE technology.”

The alert went on to point out that the “flaws malicious cyber actors exploited the most consistently were in Microsoft and Adobe Flash products, probably because of the widespread use of these technologies.”

It’s no surprise to any industry that keeping all systems patched and up-to-date mitigates potential attack vectors; however, the attacks made public in the last few years prove that many organizations still fail to do so. In 2017, the WannaCry and NotPetya attacks ran rampant, causing billions of dollars in losses across 200,000 devices in 150 countries.

Just last year, multinational organizations and U.S. city and county governments spent nearly $200 million responding to various ransomware events, all because of easily-exploitable vulnerabilities left unpatched. With a majority of organizations sending their workers home due to COVID-19, corporate endpoints are even more at risk since so many of these businesses lack a proper work-from-home plan. This includes on-premise systems that may or may not be receiving the same level of care since IT departments themselves are no longer on-site.

How Syxsense Can Help

Syxsense is a fully cloud-based solution that helps organizations better secure their endpoints through software patching, deployment, remote assistance, and vulnerability scanning. By default, Syxsense provides auto-approval strategies to ensure the right updates are approved while leaving the optional and problematic updates to the side.

With security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans.


Microsoft’s May Patch Tuesday Addresses 111 Vulnerabilities

By Patch Management, Patch Tuesday


As the third-largest Patch Tuesday in Microsoft's history, this month's massive update includes 111 fixes across 12 different products.

May Patch Tuesday Has Arrived

Microsoft has released 111 patches today, the third largest release of 2020. So far this year, there have been 487 patches released, and we are only in May.

There are 16 Critical patches, with the remaining 95 marked Important. Support for Windows 7 and Windows Server 2008 (including R2) officially ended in January, but there are plenty of updates released this month for customers who have purchased an extension agreement.

Robert Brown, Director of Services for Syxsense said, “For the previous 4 months, we have had on average over 100 updates each month – that is almost 2GB per device per month. Now is the time to start building a patching strategy which does not depend on VPN or patching in line of sight of your servers. Users who are now working from home remain more vulnerable than they have ever been.”

Patches of Interest

  1. CVE-2020-1126: This vulnerability is a buffer overflow advisory which impacts Windows 7, 8.1, 10 and Windows Server 2012. Successful exploitation may result in complete compromise of the vulnerable system. There are no known exploits at the moment, but the vulnerability can be exploited remotely via the internet by a non-authenticated user.
  2. CVE-2020-1117: This vulnerability is incredibly dangerous for users who have more than Power User rights, as convincing the user to run a malicious link will expose that system and the attacker can have free access to the system. This can include the installation of ransomware or the infection of other systems on the network.
  3. CVE-2020-1118: Although this has a severity of Important not Critical, this carries a CVSS score of 8.6 (one of the highest of this release). Without a countermeasure for this vulnerability, an attacker can install ransomware, steal data or even trigger a continuous shutdown loop which could cause countless problems for any company.


Celebrity Personal Data Stolen in Ransomware Attack

By Blog


Ransomware attackers have allegedly stolen more than 750GB of celebrity personal data after hitting a major entertainment law firm.

Ransomware Attacks Celebrity Law Firm

Stars—they’re just like us. Unfortunately, that means they can get hit with ransomware too.

Law firm Grubman Shire Meiselas & Sacks has experienced a ransomware attack that involved a type of malware called REvil.

The attackers have allegedly stolen personal data from a laundry list of celebrity clients as well—possibly more than 750GB worth, including contracts, contact information, and “personal correspondence.”

Variety’s headline lists Lady Gaga, Madonna, and other notable celebrities that may have been affected:

Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel, HBO’s “Last Week Tonight With John Oliver,” and Run DMC. Facebook also is on the hackers’ hit list.

What is Sodinokibi Ransomware?

REvil, also known as Sodin or Sodinokibi, is part of a new trend in ransomware attacks that lets attackers double down on their leverage.

Before scrambling files to grab your attention, the criminals quietly upload massive amounts of “trophy data” that can be used to blackmail anyone who reaches for their wallet too slowly.

This means financial extortion is no longer just a ransom for your files, but also a blackmail demand to stop attackers from leaking your data—or worse, your customers’ data.

The standard procedure seems to be leaking a sample to convince the victim that the data really was stolen. Following this, the bargaining process involves leaking more data to persuade the victim into negotiating.

What Should You Do?

As we enter Patch Tuesday, there’s no better advice than patch early, and patch often.

Attackers who pull off ransomware attacks can afford to spend time looking for security holes they know about. By patching known bugs as soon as you can, you’re setting yourself up for success.

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.

With security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans.
