Monthly Archives

April 2022


Syxsense Shines at the Stevies’ 2022 American Business Awards

By News

Syxsense has been honored at the Stevies’ 2022 American Business Awards across two categories.

Syxsense Honored at Stevies’ Awards

We’re excited to announce that Syxsense has been honored at the Stevies’ 2022 American Business Awards across two categories, highlighting our unique approach to unified endpoint security and IT management. This prestigious awards program recognizes the achievements and positive contributions of organizations and working professionals worldwide.

Syxsense Secure placed Silver in the Best Endpoint Security Management Solution category, with one judge calling it a “user-friendly solution to IT security management.” Another lauded Secure for its “promising customer reviews and performance metrics.”

Additionally, the Bronze for Best Emerging Technology went to Syxsense Cortex. Several judges praised Cortex, calling it one of the “better products they’d seen,” and shined a spotlight on its various features:

“The videos were beneficial to get a sense of the product. The product reviews are amazing… The workflow building and drag-and-drop UI helps differentiate the solution and move from IT administration to the emerging trend of IT orchestration.”

More than 3,700 nominations from organizations of all sizes and in virtually every industry were submitted this year for consideration in a wide range of categories. Over 230 professionals worldwide participated in the judging process to select this year’s winners.

More details about the Stevies’ American Business Awards and the complete list of 2022 winners can be found here.


Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Top Linux Vulnerabilities for April 2022

By News

Explore the top Linux vulnerabilities for April 2022 and find out the best solution for managing these threats.

1. CVE-2022-0435

Severity: Critical | CVSS Score: 9.0

A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

 

Syxscore Risk Alert

This vulnerability has a critical risk as this flaw can be exposed over any network, with low attack complexity, and with low privilege requirements.

2. CVE-2022-0492

Severity: Important | CVSS Score: 7.8

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. Under certain circumstances, this flaw allows the cgroups v1 release_agent feature to be used to escalate privileges and unexpectedly bypass namespace isolation.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exposed with low attack complexity and low privileges. It does require local network access to exploit, which lowers the overall associated risk.

3. CVE-2022-28893

Severity: Important | CVSS Score: 7.2

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity, with low privileges, no user interaction, but does require local network access.

4. CVE-2022-0998

Severity: Important | CVSS Score: 7.2

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity, low privileges, no user interaction, but does require local network access.

5. CVE-2022-0995

Severity: Important | CVSS Score: 6.6

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

The highest threat from this vulnerability is to confidentiality and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity, low privileges, no user interaction, but does require local network access.

Top 4 Cybersecurity Trends for 2022

By Blog

Top Four Cybersecurity Trends for 2022  

There are a great many influences at work in the cybersecurity sector, and many security trends impacting organizations. Gartner recently listed seven key trends. But let’s narrow it down further. Here are four of the top trends at play:  

1. Expanded Attack Surface

Every day it seems, we hear about yet another breach, yet another zero-day vulnerability, yet another strain of ransomware. The reality is that enterprise attack surfaces are expanding. This may appear to be old news. But attack surfaces are continuing to expand, and the pace of that expansion is accelerating.

As more digitalization takes root, the Internet of Things (IoT) gains momentum, and mobility/remote platforms grow more sophisticated, it becomes tougher and tougher for IT to know what it is they are supposed to safeguard. The concept of protecting the data center and anything within the corporate firewall has been muddied by a multitude of risks. Whether it is a tighter union between IT and facility systems, a greater reliance on the cloud and open-source code, or the labyrinth that social media has become, it is harder to control enterprise assets. Thus, organizations must be more vigilant than ever and ensure their systems are fully patched so they will be able to detect anomalous behavior that may indicate a new encroachment or vulnerability.   

“Organizations worldwide are facing sophisticated ransomware, attacks on the digital supply chain and deeply embedded vulnerabilities,” said Peter Firstbrook, an analyst at Gartner. “The pandemic accelerated hybrid work and the shift to the cloud, challenging CISOs to secure an increasingly distributed enterprise – all while dealing with a shortage of skilled security staff.” 

2. Supply Chain Exposure  

Supply chains were never easy to manage. But these days, they have turned into a nightmare. The free flow of goods from manufacturers in Asia and elsewhere has been interrupted. Ships are stuck in long backlogs at ports, and truck-based freight has been delayed due to new regulations and driver shortages. The conflict in Ukraine is going to do more than send oil and gas prices soaring. Russia and Ukraine are major producers of commodities like fertilizer and wheat. Those supplies are now shut off and the food supply of many nations is going to suffer badly as a result.  

Within IT, chips, cabling, and servers are in short supply. At the same time, digitalized supply chains are under attack. The SolarWinds and Kaseya breaches highlighted the repercussions of being able to hack a provider of digital services to a large number of enterprises. Why insert malicious code in one victim at a time, when you can infiltrate the systems of a provider whose software is downloaded by a large number of sites? It’s no wonder that Gartner predicts that by 2025, 45% of organizations will experience attacks on their software supply chains.  

What is to be done? Clearly, vulnerability scanning and threat monitoring efforts must be stepped up to catch incursions and strange behavior at the earliest possible point.  

3. Identity Theft  

Just as ransomware attackers are going after providers such as SolarWinds instead of individual organizations, those engaged in identity theft have upped their game. Yes, they are still happy to catch phishing victims randomly across the organization. But what they are really after are administrative privileges and executive/finance credentials. That’s why they are targeting identity and access management (IAM) infrastructure. They might start small, gain a user login, and then sit quietly for a while as they reach up higher into the hierarchy. Credential misuse, therefore, has become a primary attack channel. Multifactor authentication and the improvement of password management can help organizations reduce the chances of a high-level identity breach.

4. Human Error  

Gartner noted that human error continues to be a factor in many data breaches. Whether through clicking on malicious links or attachments, or leaving passwords on sticky notes in employee cubicles, human error is on the rise. Comprehensive security awareness training is a key aspect of defense against such errors. By educating employees on how to avoid falling victim to phishing scams and how to protect their passwords, the frequency of incursions can be greatly reduced.  

That said, compromised credentials and human error are inevitable. That’s why an automated patch management and vulnerability scanning system is vital. By deploying software updates, plugging security holes, and regularly scanning for signs of malicious behavior, Syxsense provides an extra layer of protection against stolen credentials and the repercussions of human error. In a world where the attack surface has expanded and danger lurks across the software supply chain, Syxsense provides a way to keep systems free from ransomware and malware.  


April Patch Tuesday 2022 Addresses Over 120 Security Fixes

By Patch Management, Patch Tuesday

April Patch Tuesday 2022 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 10 patches rated Critical and 115 rated Important, with the remainder marked Moderate. This includes:

  • Microsoft Windows and Windows Components
  • Microsoft Defender and Defender for Endpoint
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Exchange Server
  • Office and Office Components
  • SharePoint Server
  • Windows Hyper-V, DNS Server
  • Skype for Business
  • .NET and Visual Studio
  • Windows App Store
  • Windows Print Spooler Components

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month as well.

Robert Brown, Head of Customer Success for Syxsense, said, “We have an increase of patches fixed in this release which matches what we had released last year, and is almost twice as many as last month. There is both a weaponized threat and a Public Aware threat so right away you have updates to prioritize this month. We also have an increase of Critical updates this month, increasing from 3 last month to 10 this month.”

Top April 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-24521: Windows Common Log File System Driver Elevation of Privilege Vulnerability

The vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-26904: Windows User Profile Service Elevation of Privilege Vulnerability

The vulnerability exists due to a race condition in Windows User Profile Service. A local user can exploit the race and escalate privileges on the system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.0
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

3. CVE-2022-26809: Remote Procedure Call Runtime Remote Code Execution Vulnerability

The vulnerability could allow a remote attacker to execute code at high privileges on an affected system. Since no user interaction is required, these factors combine to make this wormable, at least between machines where RPC can be reached.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No
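
The Syxscore Risk fields above map onto CVSS v3.1 base metrics, so the published scores can be reproduced and the three patches ordered for deployment. This is an added example, not Syxsense's own code; it assumes Confidentiality, Integrity and Availability impact are all High (the page does not list them) and an ordering rule of weaponized first, then publicly known, then CVSS.

```python
import math

# CVSS v3.1 metric weights for Scope: Unchanged (all three entries above).
AV = {"Network": 0.85, "Adjacent": 0.62, "Local": 0.55, "Physical": 0.20}
AC = {"Low": 0.77, "High": 0.44}
PR = {"None": 0.85, "Low": 0.62, "High": 0.27}
UI = {"None": 0.85, "Required": 0.62}
CIA = {"High": 0.56, "Low": 0.22, "None": 0.0}


def roundup(x):
    """CVSS v3.1 Roundup: smallest one-decimal value >= x, float-safe."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0


def base_score(av, ac, pr, ui, c="High", i="High", a="High"):
    """Base score for Scope: Unchanged. C/I/A default to High (assumption)."""
    iss = 1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a])
    impact = 6.42 * iss
    exploitability = 8.22 * AV[av] * AC[ac] * PR[pr] * UI[ui]
    return 0.0 if impact <= 0 else roundup(min(impact + exploitability, 10))


# Values transcribed from the Syxscore blocks above, deliberately unsorted.
ADVISORIES = [
    {"cve": "CVE-2022-26809", "cvss": 9.8, "weaponized": False, "public": False,
     "risk": ("Network", "Low", "None", "None")},
    {"cve": "CVE-2022-26904", "cvss": 7.0, "weaponized": False, "public": True,
     "risk": ("Local", "High", "Low", "None")},
    {"cve": "CVE-2022-24521", "cvss": 7.8, "weaponized": True, "public": False,
     "risk": ("Local", "Low", "Low", "None")},
]


def score_mismatches(advisories):
    """CVEs whose published score differs from the recomputed base score."""
    return [a["cve"] for a in advisories if base_score(*a["risk"]) != a["cvss"]]


def deployment_order(advisories):
    """Assumed rule: weaponized, then publicly known, then highest CVSS."""
    key = lambda a: (not a["weaponized"], not a["public"], -a["cvss"])
    return [a["cve"] for a in sorted(advisories, key=key)]


if __name__ == "__main__":
    print("mismatches:", score_mismatches(ADVISORIES))
    print("deploy in order:", deployment_order(ADVISORIES))
```

Under that rule the 9.8-rated RPC flaw is deployed after the two lower-scored issues because it is neither weaponized nor publicly known; change the sort key if exposure of RPC endpoints matters more in your environment.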

President Warns of Russian Cyberattacks and Demands Greater Cybersecurity Preparedness

By Blog, News

Russian Cyberattacks on the Rise

President Biden issued a warning this week about the likelihood of attacks on U.S. government and corporate targets emanating from Russia.

“This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience. I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks,” he said.

Earlier announcements had mainly been about bolstering the cybersecurity profile of governmental agencies. However, this message took a different tone. It focused on the need for private organizations to increase their level of alertness and cybersecurity preparedness.

“But the Federal Government can’t defend against this threat alone,” said the President. “Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors. If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year.”

CISA Issues Urgent Cybersecurity Alert

Just before this announcement, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a Shields Up alert that included mitigation guidance for any organization suffering an attack, as well as laying out the best practices noted by the President.

Such best practices include keeping patches up to date and scanning networks and devices regularly for any signs of malicious or anomalous behavior.

As CISA said among its key guidelines:

  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.

Unfortunately, too many businesses either neglect these functions or let them fall behind. In a great many breaches, attackers take advantage of known vulnerabilities that organizations have failed to patch. In many other attacks, the signs of incursion are not difficult to spot. Yet absent or inadequate scanning fails to uncover them.

No one wants to experience a cyberattack. That is why it is so important to scan constantly for vulnerabilities and keep patches up to date. Syxsense is the only product that combines automated patching, vulnerability scanning, and IT management.
