Monthly Archives

June 2021


Will the Colonial Pipeline Attack Change User Behavior?

Posted in: Blog


After the Colonial Pipeline ransomware attack, a rapid change in user behavior should be expected. However, this may not be the case.

How Will User Behavior Change After the DarkSide Attack?

Recent ransomware attacks upon infrastructure targets like the Colonial Pipeline have certainly elevated the profile of cybercrime. Justice and policing agencies are giving it far more attention. Companies are taking more steps to avoid the possibility of a ransomware attack.

The mainstream press, not just the IT and security press, are constantly running stories about malware, ransomware, and cybercrime. This has raised awareness of the problem to something that is now very much in the popular consciousness.

Prime-time news stories highlight the dangers of phishing, and tell harrowing stories of individuals and small businesses destroyed by cybercrime after falling victim to social engineering trickery.

Will Users Wise Up?

The obvious conclusion would be that higher awareness would bring about a rapid change in user behavior. Being fed a steady diet of news about the various ways in which people were hoodwinked by various email scams, users would become far more cautious about their own email, website, and security habits.

Sadly, the facts don’t bear this out.

Research on social engineering from security awareness training vendors such as KnowBe4 indicates that people continue to be fooled by phishing emails in more or less the same percentage as before.

More than 10% of users, and by some studies 1 in 3, are prone to being fooled by phishing. All it takes is a moment of inattention and the person clicks on a malicious attachment or link. Even smart people get fooled sometimes.

Malicious Cyber Strategies

To make matters worse, the bad guys continually adjust their tactics. As one particular tactic works well, it gets used a lot and then eventually plays itself out through over-use. The old scam emails from Nigerian banks wanting to pay you millions were once hitting just about every mailbox. People are wise to it. You rarely see it, these days.

The criminals moved on to other approaches such as email subject lines promising lurid details about celebrities or taking advantage of the headlines of the moment.

Another common tactic has been to use logos from corporations, banks, the IRS, FBI, or other government bodies posing as official communications. The idea is to fool the recipient into entering passwords or banking details.

Slightly altered email addresses are another ploy. One letter is added or subtracted from the email address, so it looks correct at first glance. Criminals sometimes infiltrate the email account of one employee and use it to send malicious content to other employees, posing as an urgent survey from IT, finance, or HR. Such attacks are often effective.

Some users are alert to these scams and spot them instantly. But many continue to be fooled by them, even at an executive level.

When, Not If

Based on the propensity of some users to be tricked into clicking on malware, the unfortunate reality is that no matter the headlines, no matter the raised awareness, breaches will happen.

Phishing scams will help bad actors to gain entry. Effective security awareness training can bring down the percentage of users who click on bad links or attachments. But it won’t bring it to zero.

How Syxsense Can Help

Such actions must be supported by ever-vigilant IT and security personnel using automated security tools. The organization must continually scan the network for vulnerabilities, unusual patterns, anomalous traffic, and new threats. Patches must be kept up to date with priority given to those with the highest threat level.

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution.

Syxsense Cortex simplifies complex IT and security processes with a drag-and-drop interface. Pre-built templates keep organizations secure without needing large teams, specialists, or scripting.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Syxsense Extends Enterprise Integration with Secure API

Posted in: Press Release


Syxsense has announced the release of its open API to integrate between Syxsense Secure and other enterprise security and IT solutions.

Syxsense Announces Open API

Syxsense, a global leader in IT and security management solutions, announces the release of their Open API to easily integrate and share data between Syxsense Secure and other enterprise Security and IT solutions. The new REST API extends the robust Syxsense Inventory data.

Along with OS, Program, Device Health, Network configuration and more, Syxsense API exports and imports data so that systems interact efficiently. The core of the Syxsense API is flexible communication and display of information between the cloud native Syxsense and any essential business solutions like a Helpdesk or Asset Management application. By making data reusable natively, Syxsense extends its system to partners, large enterprises, MSPs and MSSPs.

The API includes full documentation of API calls with examples at https://api.syxsense.io/index.html and is available to Admin users of Syxsense Secure. Admins generate a secure API Access Token. Unique to each user, the token may be revoked or regenerated at any time. Tokens can be locked to specific IP addresses, and attempted communication from any other source will be blocked. As always, your data remains secure in your private instance of Microsoft Azure. Both GET and PUT operations are supported. You may extract any combination of device data you need from any device or range of devices. Data imported into Syxsense from other applications is automatically stored in the individual device's custom field(s).

A native cloud solution, Syxsense modernizes on-premise solutions by centralizing enterprise data in a single cloud console accessible from anywhere. Now, by using the API to centralize data and leveraging Syxsense Cortex, managers may automate responses to security incidents faster and manage IT more reliably.

The secure API feature is included with Syxsense Secure at no additional cost. Syxsense is offering free, fully-featured trials for up to 100 devices for 14 days. More information on the software and trial can be found here.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.


Linux Vulnerabilities of the Week: June 21, 2021

Posted in: News


See this week's top Linux issues and keep your IT environment protected from the latest June Linux vulnerabilities.

1. The runc (<1.0.0-rc95) package vulnerability

Severity: Important    CVSS Score: 8.5

The runc package is vulnerable to a symlink exchange attack. To exploit the vulnerability, an attacker must create multiple containers with a fairly specific mount configuration. If an attack is successful, it can result in the host filesystem being bind-mounted into the container.

The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as although it can be exploited only with a complex attack, it can be exposed over any network, with low privileges, and no user interaction. Besides, this flaw allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-30465

2. ElGamal encryption flaw in Libgcrypt

Severity: Important    CVSS Score: 7.5

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption: it lacks exponent blinding to address a side-channel attack against mpi_powm, and it selects an inappropriate window size. This affects the use of ElGamal in OpenPGP.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33560

3. A NULL pointer dereference flaw in httpd

Severity: Important    CVSS Score: 7.5


This is a NULL pointer dereference in the way httpd handles specially crafted HTTP/2 requests; it allows a remote attacker to crash the httpd child process, causing a temporary denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31618

4. A tpm2-tools vulnerability affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.9

This is a flaw in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk: although its exploitation requires a complex attack, it can be exposed over any network, with no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3565

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Ransomware Is Now Terrorism

Posted in: Blog


The U.S. Department of Justice has elevated the status of investigations on ransomware attacks to give them a similar priority to terrorism.

Ransomware Attacks Given Higher U.S. Priority

Those who have been victimized by ransomware have known it for some time. And now the federal government has faced up to the stark reality: ransomware is terrorism.

The U.S. Department of Justice has just elevated the status of investigations on ransomware attacks to give them a similar priority to terrorism. This comes in the aftermath of the Colonial Pipeline hack, a similar attack on the world’s largest meat processor, and a rash of other smaller incidents impacting schools, hospitals, and businesses.

As a result, U.S. attorney’s offices throughout the country have been instructed that any data concerning the investigation of ransomware should be communicated to Washington for the purposes of coordination. It appears that a concerted and coordinated campaign has begun in an attempt to take out this form of cybercrime.

How the U.S. is Responding to Ransomware Attacks

A new task force has been set up in D.C. to address the issue. The goal is to detect patterns, trace common actors, and track down the criminal gangs behind it. This is a necessary move, given the fact that many of these acts are linked to Eastern European and Asian sources. With the federal government involved, pressure can be brought to bear on the police forces of other nations via Interpol, and from the State Department to other government officials.

And it’s about time. The criminals have largely had free rein up until now. Actions have only been taken against them when they went after high profile targets. A few hackers have been arrested over the last couple of years, but not that many when you consider the number of victims.

FBI investigations into cybercrime often lead overseas and that makes effective police action difficult. Hopefully, the new status will foster greater international cooperation as well as greater pressure exacted upon those who tolerate cybercriminals within their borders.

Colonial Pipeline Payback

The new emphasis on ransomware as terrorism seems to have paid immediate dividends. U.S. law enforcement officials managed to recover $2.3 million in bitcoin paid to DarkSide, the criminal gang behind the Colonial Pipeline attack.

“Today we turned the tables on DarkSide,” said Lisa Monaco, a Department of Justice deputy attorney general.

Justice officials identified the virtual currency wallet used to collect payment from Colonial Pipeline and successfully seized what was there. This was possible as the network was in Northern California and within reach of U.S. court orders. It remains to be seen how effective new measures will be if funds have been transferred overseas.

The Best Defense Against Ransomware

Once ransomware has infected systems, the organization concerned is in for a rough ride. Reports can be filed, mitigation actions can be taken, ransoms may even be paid. But when the dust settles, IT and company management will probably feel they have been to hell and back.

The best defense against ransomware, therefore, is not to get infected in the first place. That means deployment of the right mix of security tools, educating users on how to avoid clicking on malware, and making sure all vulnerabilities are known and all patches are up to date.

How Syxsense Can Protect Your Business

Time and again, hackers exploit known vulnerabilities. Systems are continually breached due to well-publicized patches not having been deployed across the network.

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution.

Syxsense Cortex simplifies complex IT and security processes with a drag-and-drop interface. Pre-built templates keep organizations secure without needing large teams, specialists, or scripting.


Google Chrome Zero-Day Currently Being Weaponized

Posted in: Patch Management


Google has released Chrome 91.0.4472.114 to the Stable Channel today for Windows, Linux and Mac OS, fixing 4 vulnerabilities.

Chrome Zero-Day Is Currently Weaponized

Google has released Chrome 91.0.4472.114 to the Stable Channel today for Windows, Linux and Mac OS, fixing a total of 4 vulnerabilities. Google has shipped a Chrome release fixing at least one zero-day each month in 2021.

One of the bugs, tracked as CVE-2021-30554, exists due to a use-after-free error within the WebGL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger the use-after-free error, and execute arbitrary code on the target system. The flaw has been reported to be weaponized.

Solution

Upgrade to Chrome version 91.0.4472.114 or later using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a significant risk as it can be exposed over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.4 (High Severity), and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.


Bank Heists, Malware, and New Vulnerabilities

Posted in: News


New research has revealed that more than 4,400 vulnerabilities were disclosed between January and March of 2021.

Managing Vulnerabilities in 2021

New research from NCC Group’s Research and Intelligence Fusion Team (RIFT) has revealed that more than 4,400 vulnerabilities were disclosed between January and March of 2021. The good news is that this is 4% down on the same period in 2020. The bad news is that 72% had no patches available.

What this means is that, while patch management is a vital ingredient of any security strategy, it is not enough. It must be complemented by comprehensive vulnerability management.

Vulnerability scanners must be regularly deployed to scour the network for strange patterns, potential authorization issues, antivirus status, OS misconfigurations, compliance violations, insecure ports, software vulnerabilities, brute force attacks, and insecure passwords.

Such scans must be automatically schedulable and must be able to prioritize exposed risk relative to the needs of the environment. Only in this way can an organization remain vigilant enough to catch an unknown vulnerability before infection takes hold throughout the enterprise.

This NCC Group research found that 13% of the new vulnerabilities for the quarter were classified as critical. Unfortunately, proof-of-concept exploits were publicly available 29% of the time, i.e., they could potentially be used by cybercriminals in zero-day attacks. Further, about half of the vulnerabilities for which exploit code was accessible had no remediation patch available.

Combine Patch Management with Vulnerability Scanning

Nevertheless, it should be understood that once vulnerabilities are known, patches are made available rapidly. These are issued promptly by vendors and should be deployed at once, prioritized by their severity level. That action alone will close the door on the vast majority of insecure channels into the organization.

The Verizon Data Breach Incident Report found that new vulnerabilities are not the cause of most security havoc in the enterprise. It is old, unmitigated holes and vulnerabilities that are the most exploited.

As the report said, “one might think that more recent vulnerabilities would be more common. However, as we saw last year, it is actually the older vulnerabilities that are leading the way. These older vulnerabilities are what the attackers continue to exploit.”

Therefore, patch management should be rigorously implemented as a major line of defense. But this study from NCC Group makes it clear that patch management must be supported by regular vulnerability scanning to provide an eagle eye for brand new vectors of incursion.

This one-two punch of vulnerability scanning and patch management provides an essential defensive barrier against most potential incursions. It must be supported by adequate user training to proof employees up against phishing attacks and other social engineering scams. With these security defenses in place, organizations are in a strong position to avoid the scourge of ransomware and other malware-borne ills.

Vulnerability Scanning with Syxsense

The Syxsense vulnerability scanner is not only a complete security management package, it is automated, repeatable, and generates quick results, delivering security and safety in a timely manner.

With security scanning and patch management in one console, Syxsense Secure is the only product that not only shows you what’s wrong, but also deploys the solution. It offers visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience with automated patching and security scans.


3 Ways to Greatly Reduce Cyber Risk

Posted in: News


With the rise of ransomware and an endless stream of patches in 2021, it takes reliable best practices to reduce your cyber risk exposure.

Report Reveals the Rise of Ransomware and Importance of the Human Element

The Verizon Data Breach Investigations Report is eagerly awaited each year. It provides a window into the world of global trends in security. This year’s analysis looked into 79,635 incidents around the world, of which 5,258 were confirmed data breaches.

Social engineering (primarily phishing) came up as the top avenue of incursion used in breaches. More than 30% of incidents stemmed from it, while web application attacks accounted for around 25% and system intrusions scored almost 20%.

Not surprisingly, 85% of breaches included a human element, with 61% involving credentials and 13% containing ransomware. About 10% of the ransomware attacks cost organizations an average of about $1 million – whether from forking over the cash, remediation, or lost revenue.

Ransomware = Organized Crime

Organized crime is now behind four out of five breaches. In other words, the days of the lone hacker-genius-student sitting in an attic breaking into big government systems are behind us. These days, criminals are most often involved and their goal is money – as much as possible per breach. Yes, there is a little espionage going on, and perhaps a few lone wolves showing off their hacking prowess. But by and large, we are now dealing squarely with cybercriminals motivated by money and extortion.

The Verizon report emphasizes how hackers now use automation to quickly zero in on ripe areas.

“It’s important to limit your public facing attack surface, through asset management, defensive boundaries and intelligent patching.”

Another important finding is that it is not new vulnerabilities that cause the most trouble. It is old, unmitigated holes and vulnerabilities that are the most exploited.

“One might think that more recent vulnerabilities would be more common. However, as we saw last year, it is actually the older vulnerabilities that are leading the way. These older vulnerabilities are what the attackers continue to exploit.”

They give the example of the Microsoft Exchange Remote Code Execution Vulnerability (CVE-2021-26855) that is being actively and massively exploited. Despite Microsoft issuing warning after warning, patches being in existence for months, and a barrage of news stories about this problem, organizations continue to be attacked due to not fixing this issue.

That’s why Verizon analysts are critical of the ability of IT teams to keep up with the deployment of patches.

“The patching performance this year in organizations has not been stellar. Granted, it’s never been great.”

How to Greatly Reduce Cyber Risk

Those wishing to greatly reduce cyber risk, therefore, are advised to institute three practices.

  1. Institute security awareness training to educate users about the many tricks and strategies of social engineering. Use this training to proof them up against phishing and other scams.
  2. Automate patch management: Eliminate internal procedures that slow the deployment of patches. Instead of relying on someone in IT to review, test, and determine when and if a patch should be deployed, add automation to the process.
  3. Conduct regular vulnerability scans to detect systems, apps, and devices that offer a potential pathway into the enterprise.

How Syxsense Can Help

Syxsense provides the answer to 2 and 3 above. It combines automated patch management with vulnerability scanning and IT management as a way to eliminate risk and plug the holes cybercriminals are using to institute ransomware and other forms of attack.


Syxsense Welcomes Dave R. Taylor as Chief Marketing Officer

Posted in: Press Release


Syxsense has announced the addition of marketing powerhouse, Dave R. Taylor, to their expanding executive team as Chief Marketing Officer.

Syxsense Welcomes Dave R. Taylor as CMO – Invests to Expand on Growth

Syxsense, a global leader in IT and security management solutions, is excited to announce it has added marketing powerhouse Dave R. Taylor to their expanding executive team as CMO. Dave comes from a strong background in IT Security and Management as one of the original founding team members of LANDesk Software (now Ivanti) and years as marketing VP at security giant WatchGuard. Dave will draw on that experience to accelerate an already brisk growth rate at Syxsense.

Syxsense’s cloud-native IT management and security suite uses the proprietary Syxsense Cortex Intelligent Automation workflow designer to create intelligent endpoints without the need for complex coding or scripting. Many companies in highly regulated industries with distributed locations have turned to Syxsense to simplify endpoint management in today’s ever-changing environment.

“We’re thrilled to have Dave’s experience on our team, to help guide the effective deployment of our recently raised growth round of $6m,” said Ashley Leonard, CEO of Syxsense, Inc. “Our already strong team and our simple, powerful solution have driven our growth to this point. We’re excited to accelerate going forward.”

Backed by Salt Lake venture firm Signal Peak along with Oquirrh Ventures and newly formed Origami Capital Partners, Syxsense is uniquely poised to benefit from the ongoing trend of remote work by placing the task of self-securing on the endpoint where it belongs, rather than requiring expensive and complicated perimeter tools.

The born-in-the-cloud solution allows IT administrators to automate IT patch management and security management with a streamlined drag and drop interface, providing simple, automated compliance templates and workflows.

Syxsense is offering free, full-featured trials for up to 100 devices for 14 days. More information on the software and trial can be found here.


Linux Vulnerabilities of the Week: June 14, 2021

Posted in: News


See this week's top Linux issues and keep your IT environment protected from the latest June Linux vulnerabilities.

1. The libX11 (<1.7.1) missing validation flaw affecting Red Hat Enterprise Linux 7 and 8

Severity: Critical         CVSS Score: 9.8

Exploiting this vulnerability, an attacker can inject X11 protocol commands on X clients, and potentially execute arbitrary code with the permissions of the application compiled with libX11.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31535

2. Buffer overrun flaw in PostgreSQL

Severity: Important    CVSS Score: 8.8

This is a vulnerability in PostgreSQL in versions before 13.3, before 12.7, before 11.12, before 10.17, and before 9.6.22.

Due to missing bounds checks during an SQL array modification process, authenticated database users can write arbitrary bytes to a wide area of server memory.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires some privileges, it can be exposed over any network with a low complexity attack, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-32027

3. The Linux kernel io_uring vulnerability

Severity: Important    CVSS Score: 8.8

The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. This could allow a local attacker with low privileges to create a heap overflow and execute arbitrary code.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device, the attack is of low complexity, needs low privileges, and no user interaction. Besides, this flaw allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-3491

4. Improper input validation flaw in Squid

Severity: Important    CVSS Score: 8.6

This is a vulnerability in Squid through 4.13 and 5.x through 5.0.4. Because of improper validation while parsing the request URI, Squid is vulnerable to HTTP request smuggling.

Exploiting this flaw, a trusted client can perform an HTTP request smuggling attack and access services otherwise forbidden by Squid.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction. Besides, this flaw allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2020-25097

5. The runc (<1.0.0-rc95) package vulnerability

Severity: Important    CVSS Score: 8.5

The runc package is vulnerable to a symlink exchange attack. To exploit the vulnerability, an attacker must create multiple containers with a fairly specific mount configuration. If an attack is successful, it can result in the host filesystem being bind-mounted into the container.

The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.

Syxscore Risk Alert

This vulnerability carries a high risk: although it can be exploited only with a complex attack, it is exposed over any network, needs only low privileges, and requires no user interaction. Besides, this flaw allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-30465

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Top 5 Security Trends of 2021


Gartner recently released a list of the top security trends. How have things changed since COVID-19 hit and what actions should you take?

Top IT Security Trends of the Year

Gartner recently released a list of the top security trends. How have these changed since COVID-19 hit? What new trends have emerged? Which old ones remain as persisting challenges?

Here are some of the key ones noted in the report.

1. Staffing

Filling positions with skilled security personnel was a problem long before COVID-19 hit. And it remains a major issue today.

“The first challenge is a skills gap,” said Gartner Analyst Peter Firstbrook. “80% of organizations tell us they have a hard time finding and hiring security professionals and 71% say it’s impacting their ability to deliver security projects within their organizations.”

2. Remote Work

Gartner surveys show that as many as 40% of employees will continue to work from home post-COVID-19. Thus, the additional support and security measures that have been implemented for remote work since March of 2020 will have to be continued indefinitely. Not only that, security personnel will have to deal with some people working only in the office, some only from home, and many combining both.

A further wrinkle is that many offices are taking the opportunity to downsize. One example is an organization of 100 that is planning to have personnel work three days per week in the office. This means that 60 will be onsite at any one time. To address this change, office space is being reduced. Standard cubicles are being dispensed with and employees will be asked to hook up their laptops to available spaces.

Therefore, security staff will have to get used to new patterns of operation, revise policies and best practices, and implement new tools to deal with a more fluid workplace.

3. Identity First Security

Gartner defines identity first security as an approach that places identity front and center in security design. Instead of a disparate set of tools and applications, each with their own security methods, user identity becomes the key to accessing everything from anywhere on any device.

This includes being able to monitor authentication centrally across the enterprise, not just implementing point tools related to multi-factor authentication, single sign-on, or biometric authentication. Organizations will have to evaluate the value of buying new software and systems to implement identity first security against the desire to maximize earlier investments in point tools.

4. Tool Sophistication Grows

Cybercriminals have upped their game. The recent SolarWinds and Microsoft Exchange Server hacks demonstrate the extent, and also the depth, to which networks can rapidly be compromised. Therefore, security vendors have been forced to raise their game, too, with new technologies such as breach and attack simulation (BAS) tools.

BAS is all about continuously assessing the defensive posture of the organization rather than relying on occasional penetration tests to determine potential areas of exposure. The logic behind this is: why conduct penetration tests on a quarterly or annual basis when you can be doing it virtually all the time?

5. Vendor Consolidation

The modern-day security toolkit contains way too many individual elements. A Gartner survey of CISOs found that 78% have 16 or more cybersecurity tools. Incredibly, as many as 12% of organizations have 46 or more security applications. That’s bad news for IT as they have to integrate, correlate, manage and maintain all those systems. They have had enough of hopping from console to console to fix one issue or another. It is no wonder that mistakes happen and breaches occur.

An emerging element of strategy, therefore, is to consolidate toolkits to encompass a smaller set of vendors. The advantages include ease of implementation, stronger integration, and lowered costs. That’s why 4 out of 5 CISOs intend to consolidate vendors over the next three years.

“Having fewer security solutions can make it easier to properly configure them and respond to alerts, improving your security risk posture,” said Firstbrook.

Enhance Your IT Management and Security

Syxsense Secure is a patch management platform that includes IT management and vulnerability scanning in one console. It not only shows you what’s wrong, but also deploys the solution.

Gain visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience with automated patching and security scans.
