Monthly Archives

September 2021


10 Reasons You Should Stop Using WSUS


What are the downsides to using Windows Server Update Services (WSUS)? Find out why WSUS can't be relied on to protect your organization.

What Is WSUS and how does it work?

Microsoft Windows Server Update Services (WSUS) is an add-on product for the Windows operating system that distributes Microsoft product updates. Typically, every corporate network has it by default.

However, relying on WSUS to protect your corporate network might not be a good idea. In this article, we will share the downsides of WSUS which make it an unreliable solution for protecting your organization from cyberattacks.

1. Set Up and Product Configuration

WSUS is difficult to set up and configure due to a long list of system requirements for both the Server and Client sides of the product. Additionally, it is time-consuming to configure the system, so that it both checks and automatically applies updates.

Even if you spend time modifying the settings, WSUS can still fail to synchronize with particular devices, and when that happens you will have to track down the problem on the unsynchronized device manually.

What Syxsense offers instead:

Syxsense can be completely set up in under 5 minutes with a lightweight agent. After it is set up and configured, Syxsense provides 100% visibility into your corporate system. You will be able to see all the endpoints (servers, desktops, laptops, and more) that are based on Windows, Mac, and Linux.

Additionally, you will be able to check each device's inventory and history to confirm that there are no serious vulnerabilities and that your tasks completed as expected.

2. WSUS Isn’t Actually Free

Though WSUS is described as free, it runs only on Windows Server, which requires an expensive license. Overall, WSUS's hidden hardware, software, and operational expenditures can exceed $120,000 a year for a system with 500 devices.

What Syxsense offers instead:

Due to its cloud-native architecture, Syxsense requires neither on-premise servers nor maintenance by end-user, which makes it much less expensive while increasing the effectiveness of all IT security processes.

3. Lack of Reliable Automation

WSUS doesn't allow you to automate IT workflows with complex logic, so system administrators have to do more manual work to organize security processes properly. As threats continue to evolve, automation is becoming critical for IT departments.

What Syxsense offers instead:

Syxsense Cortex is a drag-and-drop visual interface for automating complex IT and security processes without writing a single line of code. It can automate linear sequences of actions as well as sequences that branch into more than one possible next action.

4. Insufficient Reporting

WSUS doesn't provide adequate reporting on network-wide vulnerabilities, so IT security specialists have to piece together reports from several sources and hope they have accounted for everything. WSUS also cannot export reports to other file formats. This lack of reporting can result in unpatched vulnerabilities going unnoticed and in failed audits.

What Syxsense offers instead:

Syxsense reports give the proof of patched and secured devices that compliance regimes like HIPAA, SOX, and PCI require, as well as documentation for executives.

5. Device Discovery

Device discovery with WSUS is a very time-consuming process: discovery runs once per configured interval and can't be triggered more often on demand.

What Syxsense offers instead:

Due to a two-way open connection, Syxsense provides adaptive device discovery, which means that you can see every device on your network and its inventory in real-time.

This is possible because all the fresh data comes directly from the device rather than from a stored copy in a database. As a result, you can discover any new device connected to your network on demand, and automatic discovery still runs at the pre-defined intervals.

6. Patch Inefficiency

WSUS doesn't push a given patch instantly. All the agents have to check in and approve patch installation on the workstation, which can take days depending on the environment.

What Syxsense offers instead:

If any approvals are needed, Syxsense can be controlled remotely with micro-agent technology.

However, the software doesn't require any approvals to install new patches. Syxsense lets you schedule maintenance windows outside office hours and automatically pushes all the necessary patches within the scheduled window.

7. Compatibility & Third-Party Patch Management

Most companies include non-Windows operating systems into their infrastructures, and WSUS is designed to work with only Windows solutions.

WSUS also works inefficiently with third-party applications such as Oracle or Mozilla products. To patch such software, you will have to design a complex workaround, and you still won't get an intuitive catalog that is easy to work with. Given that third-party applications increasingly serve as the entry point through which cybercriminals get into corporate systems, this is one of the biggest downsides of WSUS.

What Syxsense offers instead:

Syxsense deals equally well with devices based on Windows, Mac, and Linux. Additionally, Syxsense has an industry-leading database of third-party application patches, and the database is constantly updated.

8. Inability to Quarantine

Even if you detect an infected device, it is impossible to isolate it from the corporate network via WSUS to protect other devices from infection until you fix the issue.

What Syxsense offers instead:

Syxsense software allows quarantining an infected device to protect the whole corporate network from malicious programs. And though the quarantined device is isolated and doesn’t threaten other endpoints, you still have full access to the device which allows you to remediate it from the same console.

9. Patch Status Updates

WSUS doesn't reliably update the patch status for all devices. Moreover, it doesn't send notifications about why an update failed.

You may think that you have patched your system while critical vulnerabilities remain unfixed. This leaves your organization vulnerable to cyberattacks.

What Syxsense offers instead:

All the patch statuses are updated in Syxsense in real time, so you can be sure that your network is 100% protected.

10. Inability to Distribute Software

It is impossible to distribute new software through WSUS, so if you decide that your employees have to work with a new solution, you have to install it manually or buy other software to distribute the application automatically.

What Syxsense offers instead:

Syxsense can not only update existing software, but also automatically distribute new software from the cloud over all the devices in the corporate network.

Is WSUS Worth It?

With so many downsides, WSUS is extremely difficult to work with. Many IT professionals will spend countless hours trying to make the product work for their organization, only to end up frustrated and inevitably exposed to threats.

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind with Syxsense and set up a free trial today.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Google Chrome Zero-Day Is Currently Being Weaponized


A Chrome zero-day has emerged from a use-after-free error when processing HTML content in the Portals component.

Google Chrome Zero-Day Is Being Weaponized

Google has released 94.0.4606.61 today to the Stable Channel to resolve serious issues impacting Windows, Linux and Mac OS.

This is the 11th Chrome zero-day fix Google has released this year. The vulnerability is being tracked under CVE-2021-37973 as High severity.

This zero-day is a use-after-free error when processing HTML content within the Portals component. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger the use-after-free, and execute arbitrary code on the system.

What’s the solution?

Upgrade to the latest version of Chrome stable channel using Syxsense Secure.

Syxscore Risk Alert

This vulnerability has a serious risk as this can be exposed over any network, with low complexity and without privileges. The CVE carries a CVSS score of 8.4 (High Severity) and the vulnerability is being weaponized.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

Start a Free Trial of Syxsense

Experience the power of Syxsense for free. Our intuitive technology helps you easily predict and remove security threats where you are most vulnerable — at the endpoint.


Linux Vulnerabilities of the Week: September 27, 2021


See this week's top Linux issues and keep your IT environment protected from the latest September Linux vulnerabilities.

1. Missing input validation in domain names in Node.js

Severity: Critical    CVSS Score: 9.8

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to remote code execution, cross-site scripting (XSS), and application crashes due to missing input validation of hostnames returned by DNS servers in the Node.js DNS library. This can lead to the output of wrong hostnames (leading to domain hijacking) and to injection vulnerabilities in applications using the library.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-22931

2. WebKitGTK vulnerability affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 8.8

This is a use-after-free issue in WebKitGTK. Processing maliciously crafted web content may lead to arbitrary code execution.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk. Although its exploitation requires user interaction, it can be exposed over any network, with low complexity and no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-30858

3. The Linux kernel vulnerability affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 7.8

This is an out-of-bounds memory write flaw in the Linux kernel’s joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. Exploiting this flaw, a local user can crash the system or possibly escalate their privileges on the system.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk. It needs access to the same network as the device, the attack is low complexity, requires low privileges, and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3612

4. Possible heap buffer overflow in Vim

Severity: Important    CVSS Score: 7.8

This is a flaw in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk. Although this needs access to the same network as the device, the attack is of low complexity, needs low privileges, and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3770

5. Missing enforcement vulnerability in Xen

Severity: Important    CVSS Score: 7.8

This is another race condition in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated and associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1.

Freeing such pages requires that the hypervisor enforces that no parallel request can result in the addition of a mapping of such a page to a guest. Due to the missing enforcement, local guests can retain access to pages that were freed and perhaps re-used for other purposes.

Syxscore Risk Alert

This vulnerability has a major risk. Although this needs access to the same network as the device and can be exposed only with a complex attack, it needs low privileges and no user interaction. This vulnerability allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-28701
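As an added example (not code from Syxsense or the original post), the following CVSS v3.1 base-score calculator reproduces the scores in the five Syxscore Risk Alerts above from their listed Attack Vector, Attack Complexity, Privileges Required, User Interaction and Scope values. It assumes impact metrics of C:H/I:H/A:H for each item, since the alerts say the threat is to confidentiality, integrity and availability but do not list those metrics.

```python
"""CVSS v3.1 base-score calculator (added example, not Syxsense code).

Reproduces the scores in the Syxscore Risk Alerts from their exploitability
metrics. Assumption: impact metrics C:H/I:H/A:H for every item, because the
alerts name confidentiality, integrity and availability but do not list them.
"""
import math

# Metric weights from the CVSS v3.1 specification, keyed by the wording
# used in the risk-alert bullet lists on this page.
AV = {"Network": 0.85, "Adjacent": 0.62, "Local": 0.55, "Physical": 0.20}
AC = {"Low": 0.77, "High": 0.44}
UI = {"None": 0.85, "Required": 0.62}
CIA = {"High": 0.56, "Low": 0.22, "None": 0.0}
# Privileges Required is the one metric whose weight depends on Scope.
PR_UNCHANGED = {"None": 0.85, "Low": 0.62, "High": 0.27}
PR_CHANGED = {"None": 0.85, "Low": 0.68, "High": 0.50}


def roundup(value: float) -> float:
    """CVSS v3.1 Roundup(): smallest one-decimal number >= value, done with
    integer arithmetic as the specification recommends to avoid float drift."""
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (math.floor(int_input / 10000) + 1) / 10.0


def base_score(av, ac, pr, ui, scope_changed, c, i, a):
    """Return the CVSS v3.1 base score for the given metric values."""
    iss = 1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a])
    if scope_changed:
        # Scope: Changed ("jump point" in the alerts) uses a different impact
        # curve, a higher PR weight and a 1.08 multiplier on the final sum.
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
        pr_weight = PR_CHANGED[pr]
    else:
        impact = 6.42 * iss
        pr_weight = PR_UNCHANGED[pr]
    exploitability = 8.22 * AV[av] * AC[ac] * pr_weight * UI[ui]
    if impact <= 0:
        return 0.0
    if scope_changed:
        return roundup(min(1.08 * (impact + exploitability), 10))
    return roundup(min(impact + exploitability, 10))


def score_alert(alert):
    """Score one alert given as a dict keyed by the bullet names on this page.
    Impact levels are the assumed C:H/I:H/A:H (see module docstring)."""
    return base_score(
        av=alert["Attack Vector"],
        ac=alert["Attack Complexity"],
        pr=alert["Privileges Required"],
        ui=alert["User Interaction"],
        scope_changed=(alert["Scope (Jump Point)"] == "Changed"),
        c="High", i="High", a="High",
    )


def alert(av, ac, pr, ui, scope):
    """Small constructor so the five alerts below stay readable."""
    return {"Attack Vector": av, "Attack Complexity": ac,
            "Privileges Required": pr, "User Interaction": ui,
            "Scope (Jump Point)": scope}


# The five alerts from this week's post, transcribed from the bullet lists.
ALERTS = {
    "CVE-2021-22931": alert("Network", "Low", "None", "None", "Unchanged"),     # Node.js
    "CVE-2021-30858": alert("Network", "Low", "None", "Required", "Unchanged"), # WebKitGTK
    "CVE-2021-3612": alert("Local", "Low", "Low", "None", "Unchanged"),         # kernel joystick
    "CVE-2021-3770": alert("Local", "Low", "Low", "None", "Unchanged"),         # Vim
    "CVE-2021-28701": alert("Local", "High", "Low", "None", "Changed"),         # Xen
}

if __name__ == "__main__":
    for cve, metrics in ALERTS.items():
        print(f"{cve}: {score_alert(metrics)}")
```

Note that the Xen item scores 7.8 despite High attack complexity only because Scope: Changed raises both the impact curve and the PR weight; with Scope: Unchanged the same metrics would score lower.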

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Despite Training, Users Struggle to Identify Malicious Traffic


The last five years have seen a big increase in the amount of security training offered to employees, but is it enough?

Is Security Training Enough?

The last five years have seen a big increase in the amount of security training offered to employees. They are schooled heavily on how to recognize phishing emails, and how to spot dubious links or attachments.

This training has certainly helped, and its use should be encouraged in organizations. But it is far from infallible.

Even the best security awareness training vendors admit that their methods only minimize the chances of phishing emails penetrating organizational defenses. They cannot eliminate the fact that a small number of users will continue to be gullible, inattentive, or tricked by a new angle on phishing.

As well as having lowered the chances of unfortunate clicks by users, such training has raised the profile of phishing to the point where many more users now report it. The number of emails from users to IT about potentially malicious traffic has escalated over the past year.

The Numbers Behind Security Awareness

That’s the good news. The bad news is that they get it wrong two thirds of the time, according to an in-depth analysis. The study delved into 200,000 emails reported by employees from organizations across the globe during the first half of 2021. It found that:

  • On average, active users submitted 2.14 emails each during the period. That shows training has raised their level of vigilance.
  • However, 67% of emails employees report as phishing are neither malicious nor highly suspect.
  • 59% of users sent their alerts concerning suspicious links.
  • 54% reported an email because of an incorrect or unexpected sender.
  • 37% reported an email because of suspected spam.
  • 34% suspected the use of social engineering in an email.
  • Only 7% reported an email due to suspicions about attachments.

This last bullet point bears discussion. It appears that users are now accustomed to watching for strange links, suspicious emails, or email addresses that seem fake. That’s a big step forward. However, too few seem to be on the alert for suspicious attachments – yet that avenue of attack is very much on the rise.

It is quite common, these days, for phishing emails to pose as a PO, RFP, or other business document and request the user open the attachment to forward a business objective. This ploy is quite successful. Similarly, updates on shipments, government forms, and other documents are frequently sent as a way to lure users into an unfortunate click. It is troubling that so few users seem tuned in to spotting them.

Encouraging Users

User reporting of suspicious traffic should always be encouraged. It may help IT to catch a new malware infection before it can do much damage. User failures to spot malicious emails and attachments, though, should not lead to broad chastisement of the user base. Rather, they should be used as part of the next round of security awareness training.

But user awareness is only one line of defense. It is a vital way to prevent the human element becoming the weakest link. But it is impossible to shore up the enterprise effectively only by teaching security to employees.

How Syxsense Can Help

Such vital training campaigns must be supported by automated security that picks up attacks, warns users about them, and eliminates the manual drudgery from the world of IT.

Syxsense automates the process of implementing patches and scanning for vulnerabilities. With these two areas taken care of, the enterprise is made far more secure.


The Great Resignation Requires Security Vigilance and Automation


From an IT security perspective, consequences from The Great Resignation demand extra vigilance and a greater degree of automation.

How the Great Resignation Is Affecting IT Departments

Many IT and security personnel quit or were laid off during the pandemic. And according to the Microsoft 2021 Work Trend Index, many more resignations are to be expected in the coming months. Some are even calling it the “Great Resignation.”

The Microsoft study found that 40% of people plan to change jobs. In IT:

  • 14% of those switching jobs want to move to a different company.
  • 11% plan to open a business.
  • 11% plan to go part-time.
  • 10% intend to move locations or become a contractor.
  • 8% intend to abandon IT.

There are a couple of important consequences of this from a security perspective that demand extra vigilance as well as a greater degree of automation.

IT Security Vigilance

IT and security are areas where personnel numbers have largely dwindled over the last decade or so. Organizations have constantly demanded that more be done by far fewer personnel. Whereas IT teams used to be split into networking, compute, application, storage, and security teams, the IT generalist has become the norm in many places. There are fewer people covering a lot more territory.

The cloud has accelerated this trend. Companies now dump a lot of traffic onto hyperscalers and convince themselves that they can make do with a threadbare internal crew.

But with one wave of personnel exits behind us and another one coming soon, the likelihood of internally generated breaches magnifies. Aberdeen Group recommends extra vigilance related to departing personnel taking data or IP with them. According to the research study, at least one in three (33%) reported data breaches involve an insider.

With the Great Resignation upon us, that number is likely to increase.

IT Security Automation

“Never was so much owed by so many to so few,” said British prime minister Winston Churchill during the Battle of Britain in 1940.

If he were a CIO today, that might be paraphrased as, “Never was so much dumped onto the shoulders of so few.”

Threadbare IT and security departments are scrambling to cope with a surge of ransomware and a colossal increase in phishing and other threats. They typically work in an IT department where they are expected to generate apps like a genie in a magic lantern granting wishes to insatiable Line of Business (LOB) heads.

At the same time, they are told to digitize the business tomorrow, move everything to the cloud, and allow LOB managers to run their own cloud operations – while supporting a largely remote workforce. So, what is to be done?

Churchill also said: “If you’re going through hell, keep going.”

In today’s overstrained security environment, he may well have said, “If you’re going through hell, keep going – and automate.”

The only way to cope in this climate is to implement technologies that reduce the IT and security workload. Automation is the key. As many security duties as possible should be automated to relieve the burden on IT.

As much as possible, the security duties should be streamlined. Minimize the number of screens and dashboards that have to be reviewed. Find some way to cut the time it takes to go through logs – some systems analyze them automatically and provide IT with recommendations and summaries.

How Syxsense Can Help

Syxsense can help, too. It brings together IT management, vulnerability scanning and patch management in one integrated console. With the possibility of data exfiltration growing, it can help close vulnerabilities that make it easier to transmit data out of the organization.

It can also spot open ports and other vulnerabilities that can be used to breach enterprise data. From a patching standpoint, Syxsense is the ideal way to automate patch management. It tests, prioritizes and deploys patches throughout the enterprise efficiently with minimal input from IT.


The Shocking Truth About Ransomware


Ransomware statistics have been rising for years and organizational IT security procedures and defenses must rise to the challenge.

Ransomware: You Ain’t Seen Nothing Yet

Ransomware statistics have been rising for years. But earlier this year, it appeared that things might be slowing down. There were actually a couple of months when the volume of ransomware attacks dropped.

The thinking at the time was that the bad guys had changed their approach: they were prioritizing attacks on high-value targets rather than conducting generalized phishing campaigns that tried to trick anyone on a computer anywhere.

That theory has been blown out of the water by the latest Global Threat Landscape Report from FortiGuard Labs. It highlights a new explosion in ransomware that is bad news for us all. This portends a future where cybercriminals will greatly expand their use of targeted attacks against high-value organizations, while shot-gunning phishing and ransomware malware from one end of the Web to the other.

Shocking Statistics

The report detailed some shocking statistics:

  • A year ago (June 2020), the average volume of ransomware attacks per week was almost 15,000.
  • In June 2021, the average volume of ransomware attacks per week was almost 150,000, i.e., an increase of 1,000%.
  • About a third of organizations in government, telecom, automotive, and among managed security service providers (MSSPs) experienced ransomware attacks in the past year.
  • Among all other sectors, the average is about 25%.

The conclusion reached by the researchers is that ransomware is a “clear and present danger regardless of industry or size.”

Rising to the Ransomware Challenge

If it is accepted that ransomware is not going to go anywhere soon, then organizational IT security procedures and defenses must rise to the challenge. Fortunately, we have enough historical precedents to give us hope for a less disruptive future courtesy of the ransomware scourge:

  • Industrialization filled cities with soot that blackened buildings and filled them with thick smog. London was particularly prone to this about half a century ago. A move to a less polluting form of coal, and then away from coal altogether has eliminated that issue.
  • Acid rain was regarded by many as the world’s biggest problem about 30 years back. Changes in emissions standards have seen it diminish as a challenge.
  • Similarly, the hole in the ozone layer was purported to be the doom of mankind a couple of decades back. Changes to aerosol and other chemical regulations have seen it disappear from the headlines.
  • On the IT side, innovation has steadily conquered problems such as disk fragmentation, how to fix buggy software, simple computer viruses, pop-ups, and a long list of other challenges.

In all likelihood, ransomware is just the latest hurdle that has to be overcome. It may take a year or two more for it to be brought largely under control. But eventually, enough safeguards will be in place that it will fall from the headlines, although it is likely to remain a threat that IT must stay alert to.

In the meantime, organizations are advised to beef up their security resources: The addition of skilled personnel, importing external help via consultants and MSSPs, and adding effective security defenses. High on the list of these defenses come patching and vulnerability scanning.

How Syxsense Can Help Your Organization

Syxsense reviews, verifies, tests, and issues all patches within three hours of issuance. Its software can automatically deploy those patches to all users and devices.

It also contains a patch rollback function in one of the rare instances when a problem arises due to a new patch. This represents the most efficient way to deal with the onslaught of new patches. It frees up IT and security personnel to take care of other urgent areas of security for the enterprise by incorporating vulnerability scanning and IT management within one interface.


Why IT Security Must Become More Automated


IT automation needs to be stepped up in order to make real progress, alleviate workloads, and prevent burnout.

The Case for IT Automation

There was a time when manual security and manual IT tasks were workable. But that day passed a long time ago. Yet many in IT and security find themselves still trawling through logs, conducting manual triage of security events, or burdened by grunt work.

That’s why areas such as machine learning, Artificial Intelligence (AI), Security Information and Event Management (SIEM), and threat intelligence are so popular of late. They promise to bring a greater degree of automation to IT. And they give security personnel hope that their days of manual drudgery may be coming to an end.

But automation in IT and security has a long way to go. IT staff are still overworked, often having to work evenings and weekends with no end in sight. A 2019 survey from the Ponemon Institute found that 73% of organizations said they were experiencing burnout due to an increasing workload that made working in a security operations center (SOC) painful. Most respondents to the survey at that time felt that automation of workflows would be the most beneficial measure to alleviate the pain.

Two years on, the situation in IT and security is little changed. Yes, there is more automation. But also, the sheer volume of work placed upon fewer shoulders, coupled with the rise of malware and ransomware, means that the implementation of automation has done little more than prevent the manual work burden from increasing.

Automation needs to be stepped up markedly in order to make real progress, alleviate workloads, and prevent burnout.

Automating Patch Management

Let’s take a look at one area where automation has made real progress – patch management.

Patch management is one of those simple basics, that if properly used, could drastically reduce the likelihood of a cyberattack. Yet it is applied sloppily in too many enterprises.

Just about all users have seen automatic Windows updates. You leave your system online and updates are installed automatically. That same level of automation can be applied across the enterprise to patches from a large number of vendors.

With hundreds or even thousands of endpoints to manage, lack of automation can delay the implementation of a critical patch. It saves time if IT does not have to formulate scripts, hop from one screen to another, or manually push out patches to various destinations.

The best patch management solutions provide drag-and-drop features, as well as automation of processes and multistage tasks: for example, automating a sequence such as patching VM guests and rebooting them, then patching their host, and performing a separate reboot. Syxsense operates in this way.

How to Make Patching More Efficient

Beyond the automation of actual patch deployment, there are many other ways to add automation and efficiency to patching processes. Consider just how fast cybercriminals move. When a new point of weakness is discovered, word spreads rapidly around the dark web. There is no time to lose in installing patches. Yet delays in testing and distributing patches are not uncommon.

IT often falls behind in reviewing patches from a great many application providers. Or laborious testing requirements act as a severe bottleneck for patch deployment. The result is weeks and often months before an important patch is ever deployed. Some organizations never seem to get round to it. Patches need to be tested and distributed within a few hours of their release. The turnaround time at Syxsense is three hours.

Another situation that can crop up is rigid automation. The organization works on a first in, first out system for patches. It receives a patch from Vendor X. It takes a certain number of weeks to process, test, and approve Patch A. By the time it is ready to go, Vendor X has released two more patches (B & C).

Oftentimes, Patch C not only addresses the latest bug but also fixes bugs A and B. Yet procedure can dictate that Patch A isn't implemented for many months while the organization's cogs turn to deploy it, then laboriously approve and deploy Patch B, and finally Patch C.

IT Automation and Patching with Syxsense

Syxsense uses what is known as patch supersedence to avoid such delays. It detects and automatically deploys the most important patch and avoids rolling out Patch A when Patch C is the more comprehensive fix. Additionally, Syxsense lets you easily manage unpatched vulnerabilities with the click of a button.
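A minimal supersedence resolver, added here as an illustration of the idea and not Syxsense’s own code: each patch declares which older patches it replaces, and for a device’s outstanding patches the resolver deploys only the newest approved patch in each chain (Patch C instead of A and B). It also handles the case the text hints at, where the newest patch has not cleared approval yet, by falling back to the newest approved predecessor rather than deploying nothing. Patch ids, vendor names and the supersedes relations are constructed sample data.

```python
"""Patch supersedence resolver (added example, not Syxsense code)."""
from dataclasses import dataclass
from typing import Dict, Iterable, Set, Tuple


@dataclass(frozen=True)
class Patch:
    id: str
    vendor: str
    supersedes: Tuple[str, ...] = ()  # ids of older patches this release replaces
    approved: bool = True             # has the patch cleared the organisation's approval gate?


def supersession_closure(patches: Iterable[Patch]) -> Dict[str, Set[str]]:
    """Map each patch id to every id that directly or transitively supersedes it."""
    patches = list(patches)
    direct: Dict[str, Set[str]] = {p.id: set() for p in patches}
    for p in patches:
        for older in p.supersedes:
            if older in direct:           # ignore references to patches we do not know about
                direct[older].add(p.id)
    closure: Dict[str, Set[str]] = {}
    for pid in direct:
        seen: Set[str] = set()
        stack = list(direct[pid])
        while stack:                      # depth-first walk up the supersedence chain
            cur = stack.pop()
            if cur not in seen:
                seen.add(cur)
                stack.extend(direct[cur])
        closure[pid] = seen
    return closure


def plan_deployment(patches: Iterable[Patch], required: Iterable[str]) -> Dict[str, object]:
    """Decide what to push to a device that still needs the patches in `required`.

    Returns {"deploy": [ids], "skipped": {id: reason}}: for every required patch the
    newest *approved* patch in its chain is deployed and the older ones are skipped,
    so Patch A is never rolled out when Patch C already contains the same fix.
    """
    patches = list(patches)
    by_id = {p.id: p for p in patches}
    closure = supersession_closure(patches)
    deploy: Set[str] = set()
    skipped: Dict[str, str] = {}
    for pid in required:
        if pid not in by_id:
            skipped[pid] = "unknown patch"
            continue
        chain = [pid] + sorted(closure[pid])                    # pid plus everything replacing it
        approved = [c for c in chain if by_id[c].approved]
        # A candidate is "newest" if no other approved patch in the chain supersedes it.
        newest = [c for c in approved if not (closure[c] & set(approved))]
        deploy.update(newest)
        if pid not in newest:
            skipped[pid] = ("superseded by " + ", ".join(sorted(newest))) if newest \
                else "no approved patch in chain"
    return {"deploy": sorted(deploy), "skipped": skipped}


# Constructed sample data: Vendor X ships A, then B (replacing A), then the cumulative C.
VENDOR_X = [
    Patch("X-A", "Vendor X"),
    Patch("X-B", "Vendor X", supersedes=("X-A",)),
    Patch("X-C", "Vendor X", supersedes=("X-B",)),   # fixes bugs A, B and the latest one
    Patch("Y-1", "Vendor Y"),                        # unrelated patch, deployed as-is
]

if __name__ == "__main__":
    print(plan_deployment(VENDOR_X, ["X-A", "X-B", "X-C", "Y-1"]))
```

With all three Vendor X patches approved, a device that needs A, B and C receives only C; if C is still waiting for approval, the resolver deploys B and records A as superseded by it, so the approval gate delays the cumulative fix without leaving the device unpatched.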

Find yourself a patching solution with built in efficiency and automation.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule Your Syxsense Demo

Linux Vulnerabilities of the Week: September 20, 2021

By News

See this week's top Linux issues and keep your IT environment protected from the latest September Linux vulnerabilities.

1. Lack of certain index validation in GoGo Protobuf (< 1.3.2)

Severity: Important    CVSS Score: 8.6

This flaw allows a remote attacker to send crafted protobuf messages, causing a denial of service. The highest threat from this vulnerability is to availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3121

2. Out-of-bounds write in net/netfilter/x_tables.c affecting Red Hat Enterprise Linux 7

Severity: Important    CVSS Score: 7.8

This is a flaw in how the setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) call is processed for 32-bit processes on 64-bit systems.

Exploiting this flaw, a local user can gain privileges or cause a DoS (via heap memory corruption) through user namespaces.

The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device, it can be exposed with a low complexity attack, needs low privileges, and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-22555

3. Missing enforcement vulnerability in Xen

Severity: Important    CVSS Score: 7.8

Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1.

Freeing such pages requires that the hypervisor enforces that no parallel request can result in the addition of a mapping of such a page to a guest. Due to the missing enforcement, local guests can retain access to pages that were freed and perhaps re-used for other purposes.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device and can be exposed only with a complex attack, it needs low privileges and no user interaction. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-28701

4. Mishandling of ElGamal encryption in Libgcrypt that affects Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.5

This is a side-channel attack flaw in the way Libgcrypt implemented ElGamal encryption, which allows an attacker to decrypt parts of ciphertext encrypted using ElGamal, for instance, when using OpenPGP.

The highest threat from this vulnerability is to confidentiality.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33560

5. Potential directory traversal via “admindocs” in Django

Severity: Moderate    CVSS Score: 4.9

This is a flaw in Django. Staff members could use the Template Detail View to check the existence of arbitrary files. Moreover, if (and only if) the default admindocs templates have been customized by the developers to also expose the file contents, then not only the existence but also the file contents would have been exposed.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as although it requires high privileges, it can be exposed with a low complexity attack without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33203

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Are IT Teams Too Busy?

By News

IT and security teams are under more pressure than ever. With a massive list of priorities, what should they be focusing on?

IT Teams Are Under Pressure

Imagine a war with one side retreating to the confines of a castle. With the enemy approaching, the king issues orders to produce weapons in greater quantity, train the troops in combat, and repair all chain mail and helmets immediately. When the opposition forces arrive and begin to storm the defenses, the troops are so busy carrying out the king’s orders that they don’t have time to man the ramparts. The castle falls.

Ridiculous as that example may seem, that might be what is happening in some IT organizations, according to the Global CISO Report by Dynatrace. It reveals that many IT and security teams are under so much pressure to accelerate innovation that they face a tough choice. Do they work on speeding up software delivery to meet their long list of deadlines, or do they turn their attention to urgent security matters?

In such circumstances, 64% said they would opt for speed and would focus on the innovation deadlines. This might explain why data breaches and serious security incidents are so commonplace. However, such choices put their organizations at risk as blind spots are left exposed to potential threats, and vulnerabilities are left open for hackers to exploit.

This may be a consequence of a trend that has been going on for twenty years: Demanding IT do more with less. Go back a decade or so and there were separate teams for storage, networking, applications, system administration, databases, and more. Nowadays, fewer and fewer resources are being asked to cover all functions – and manage the cloud, too.

Rapid Acceleration

Another reason could be the emergence of agile software delivery approaches that have the goal of speeding up the pace of product delivery and application development. DevOps and DevSecOps practices have achieved success on many fronts. But an unforeseen consequence may be that executives no longer have any patience for IT spending time over vital matters – like security.

DevOps teams are often tasked with ensuring code is free from vulnerabilities as they develop the code. If there is any time pressure at all, it is easy to see how the security side may receive short shrift. Items such as security scans, vulnerability scans, and patching of systems may fall lower down the to-do list.

The Dynatrace report also notes that:

  • 89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots.
  • 68% of CISOs say the volume of alerts makes it very difficult to prioritize vulnerabilities based on risk and impact.


Automation is the Answer

With IT resources, in some cases, struggling to find the time to fulfill their security responsibilities, automation is the answer. Automation has made great strides in areas such as the cloud, virtualization, and system management.

But security automation tends to lag behind as a way to remove the tedium and repetitive nature of manually dealing with functions such as vulnerability scanning and patching. It can take a while to wade through alerts and logs to isolate potential problems from false positives and noise. Management and process automation are essential.

Automation brings simplicity to multistage tasks such as patching virtual servers. Instead of someone manually patching a VM guest, rebooting it, then patching the host and rebooting again, automation can take care of all of these steps with one click and replace a great many scripts, too.

Automation takes care of areas like:

  • Patch distribution: sending the right patches to the right devices rapidly.
  • Patch supersedence (automatically ignoring older patches that are included as part of a newer release)
  • Eliminating network overload: If you push Microsoft Office patches out to 300 machines simultaneously, it can stall the network due to the quantity of data involved. Intelligent management platforms send the patch across the wire once to be shared peer-to-peer within the network.
  • Mobile devices returning to the office: The system detects their presence, quarantines the devices, checks for compliance, and remediates any issues before allowing them back onto the network.
  • Patch approval: Some organizations require various points of approval before patches are released. Good management tools make it easy to set this up once and have it applied automatically thereafter as part of the patching process.
  • Audits: Integrated management of vulnerability scanning and patch remediation simplifies the task of gathering up information for audits via drag and drop capabilities.
  • Patch roll back: If a patch caused an issue, it should be a simple matter to roll it back without IT jumping through hoops.
  • Threat alerts: Intelligent management sifts through enormous volumes of log entries and narrows threats down to the handful requiring urgent attention.


How Syxsense Can Help

Syxsense can do all of the above, saving IT personnel valuable time that they can then focus on meeting strategic deadlines. Syxsense Secure combines IT management, patch management, and security vulnerability scanning in one automated solution.

Syxsense Cortex simplifies complex IT and security processes with a drag-and-drop interface. Pre-built templates keep organizations secure without needing large teams, specialists, or scripting.


Watch the Webcast: September Patch Tuesday 2021

By Patch Tuesday, Video

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's Patch Tuesday updates.

Watch the September Patch Tuesday 2021 Webcast

Watch our webcast to hear industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.

View the Webcast

What You Need to Know: September Patch Tuesday 2021

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.
