Monthly Archives

May 2022

Syxsense Joins Microsoft Active Protections Program (MAPP) Expanding Company’s Threat Intelligence Capabilities

By News, Press Release

Early access to Microsoft vulnerability information allows the company to provide updated protections to customers faster

ALISO VIEJO, Calif. – [May 17, 2022] – Syxsense, a global leader in IT and security management solutions, today announced it has joined an elite group of cybersecurity software providers partnering with Microsoft to receive early vulnerability information through the Microsoft Active Protections Program (MAPP). This partnership further builds on capabilities Syxsense already provides when helping customers scan, patch, and secure endpoints. As a member of MAPP, Syxsense will receive early access to threat intelligence, allowing faster deployment of protections, and enabling customers to stay even further ahead of emerging threats.

“The threat landscape changes and evolves at an incredibly rapid pace, so providing our customers with the most up to date information is paramount when working to stay ahead of new attacks,” said Ashley Leonard, Founder and CEO of Syxsense. “As a member of MAPP, we’re now able to combine Microsoft’s early vulnerability information with our instant endpoint detection and prevention capabilities to provide customers with a more comprehensive picture of their threat environment. This ultimately helps them strengthen their security posture when scanning for vulnerabilities, managing patch cycles, dealing with endpoint compliance and more.”

“Syxsense is a valuable addition to our list of trusted security partners in the Microsoft Active Protections Program,” said Al Brown, Senior Security Strategist, Microsoft Security Response Center. “The visibility insights and management capabilities gained from their unified endpoint management technology along with the early access to threat intelligence they now have enables them to offer their customers some of the most robust defense strategies in the industry.”

Syxsense recently announced Syxsense Enterprise™, the world’s first IT management and endpoint security solution that delivers real-time vulnerability monitoring and instant remediation for every endpoint across an organization’s entire network environment. Syxsense Enterprise combines Syxsense Secure, Manage, and Mobile Device Manager, and then layers on a powerful workflow automation tool called Syxsense Cortex™, to deliver a completely unified platform that scans and manages all endpoints, resolves problems in real-time, and reduces the risks associated with system misconfigurations. This enables organizations to better predict, identify, and remediate vulnerabilities.

For more details, visit: https://www.syxsense.com/. To see this integration, as well as Syxsense’s Enterprise solution or MDM capabilities in action, visit the company’s booth (#466 in the South Hall) at the RSA Conference, June 6-9, 2022.

About Syxsense

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices, including mobile. Syxsense is the first unified endpoint security management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex™, all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com.

About the Microsoft Active Protections Program (MAPP)

MAPP is a program from the Microsoft Security Response Center (MSRC) that provides vulnerability information to security software providers in advance of Microsoft’s monthly security update release. By receiving vulnerability and threat information earlier, security providers can deploy protections ahead of publicly available vulnerability details.

https://www.microsoft.com/en-us/msrc/mapp

About the Microsoft Security Response Center (MSRC)

The Microsoft Security Response Center is part of the defender community and on the front line of security response evolution. For over 20 years, we have been engaged with security researchers working to protect customers and the broader ecosystem.

https://www.microsoft.com/en-us/msrc

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Business Email Compromise Attacks on the Rise

By Blog

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Increased BEC Attacks

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. The FBI’s Internet Crime Complaint Center (IC3) reports that losses from Business Email Compromise (BEC) schemes within the U.S. rose to nearly $2.4 billion in 2021, up 33% from the previous year and up tenfold since 2015.

These attacks typically begin with a security breach of some sort – an unpatched system, an unaddressed vulnerability, or a phishing email that someone clicks on. Once the perpetrators are inside, they rely on spoofed emails that impersonate executives, financial personnel, the CEO, vendors, or partners. The goal is to request what appear to be legitimate business payments via authentic-looking emails from a known authority figure. Done well, employees comply without thinking and transfer large sums of money to an untraceable account.

Example: The CEO is in Asia working on the latter stages of an acquisition. A BEC scam might involve sending legitimate-looking emails from actual corporate email addresses (or addresses that look similar to legitimate email accounts). These messages give authorization to transfer funds NOW to a certain bank account. But it isn’t always money. Sometimes the goal is to steal an employee’s personally identifiable information, or wage, financial, or tax forms.

Nail Salon Scammer

The owner of a nail salon in California scored big with BEC by tricking a public school district in Michigan into wiring its monthly health insurance payment to its bank account. $2.8 million was stolen. Banks managed to recall about half of it.

Investigators discovered that a hacked HR identity began the event. By masquerading as the HR staffer, the person convinced the finance department to send the money to a new account. But the plot thickens in this case. The nail salon owner claimed someone in Europe convinced him to accept the funds and forward them to other accounts. The FBI countered that this is a ruse to escape conviction.

In other examples, major deals have been hijacked by scammers. A U.S. nonprofit was fooled into sending an approved grant for $650,000 to a fake account. Again, email phishing was the culprit. The email of someone in accounts was taken over by a thief, and wire details were changed at the last minute. The money went to an account in Texas and was moved on from there. Law enforcement actions to date have failed to locate the money or bring the perpetrators to justice.

Further BEC tactics utilize “deep fake” audio and video messages generated by artificial intelligence that pretend to be from executives, enticing subordinates into sending funds.

In many cases, criminals hack into corporate systems months before, using known but unmitigated vulnerabilities. They then sit tight, quietly monitor traffic, and note the best opportunity. As a deal is unfolding, they take control of an email account, send an urgent request to someone in finance, and divert the funds to the wrong destination. By the time the scam is suspected, typically the next day, the money has disappeared.

Even the federal government can fall for such tricks. The U.S. State Department was another recent target. $200,000 allocated to farmers in Tunisia was redirected to who knows where.

What to Do to Prevent BEC Attacks

To prevent this happening to you or your organization, employee education is vital, particularly about phishing and other social engineering trickery. Multi-factor authentication is another important element.

Specific to BEC, warning signs include sudden urgency injected into financial transfers, requests to use new accounts, or email addresses and domains that are almost, but not quite right. Scammers often set up fake websites and email addresses that look genuine until you look more carefully. Where money or major changes are involved, always verify using another communication method than email.
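The warning signs listed above (urgency, a request to use a new account, a sender domain that is almost but not quite right) can be checked by a mail gateway or a finance-team mailbox rule before anyone acts on a payment request. The following is an added example, not code from the original post or from Syxsense: it normalises look-alike characters (rn for m, 1 for l, 0 for o), measures the edit distance between the sender's domain and a constructed list of trusted domains, and combines that with a keyword check for urgency and bank-detail changes to decide whether a message should be held for out-of-band verification. The trusted domains, keyword lists and sample messages are all constructed for the example.

```python
import re
from email.utils import parseaddr

# Constructed list of domains this hypothetical organisation trusts.
TRUSTED_DOMAINS = ["example.com", "acme-supplier.test"]

# Character sequences that look alike in common fonts; collapsed before comparing.
_HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l")]

# Constructed phrase lists for the two BEC warning signs named in the post.
_URGENCY = re.compile(r"\b(urgent|urgently|immediately|right away|asap|today|now)\b")
_NEW_ACCOUNT = re.compile(r"\b(new (bank )?account|new wire instructions|updated banking|changed (our )?bank)\b")


def normalize(domain):
    """Lower-case a domain and collapse look-alike character pairs."""
    d = domain.lower().strip()
    for src, dst in _HOMOGLYPHS:
        d = d.replace(src, dst)
    return d


def edit_distance(a, b):
    """Levenshtein distance (insert/delete/substitute), row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Extract the domain part of a From: header; '' if there is no address."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, trusted_domain_matched).

    verdict is one of: trusted, lookalike, external, unparseable.
    A sub-domain of a trusted domain counts as trusted; a domain that only
    differs from one by look-alike characters or a couple of edits is a lookalike.
    """
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    for t in trusted:
        if normalize(domain) == normalize(t) or edit_distance(domain, t) <= max_distance:
            return ("lookalike", t)
    return ("external", None)


def payment_request_flags(subject, body):
    """Set of warning-sign flags found in the message text."""
    text = "{}\n{}".format(subject, body).lower()
    flags = set()
    if _URGENCY.search(text):
        flags.add("urgency")
    if _NEW_ACCOUNT.search(text):
        flags.add("new_account")
    return flags


def triage_message(from_header, subject, body):
    """Decide what to do with a message that may be a payment request."""
    verdict, matched = classify_sender(from_header)
    flags = payment_request_flags(subject, body)
    if verdict == "lookalike" or {"urgency", "new_account"} <= flags:
        action = "hold"      # verify by phone or another channel before paying
    elif flags:
        action = "review"
    else:
        action = "deliver"
    return {"sender": verdict, "impersonates": matched, "flags": sorted(flags), "action": action}


if __name__ == "__main__":
    # Constructed sample: the CEO-abroad scenario from the post, sent from a look-alike domain.
    print(triage_message("CEO <ceo@examp1e.com>", "Urgent wire",
                         "Please send the acquisition payment to our new account today."))
```

The edit-distance threshold of 2 is deliberately loose for short domains; in production you would also whitelist known partner domains that are legitimately close to each other, and log the `impersonates` field so the security team can see which trusted name each held message was mimicking.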

The Power of Syxsense

Back up these sensible actions with comprehensive Unified Security & Endpoint Management (USEM) protection. Syxsense Enterprise can detect and remediate breaches automatically. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread.

It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.


Who Is Securing Our Systems?

By Blog

With distributed cloud-oriented environments, confusion is inevitable on the IT security side.

The Question of Security

With compute environments being so distributed and so cloud-oriented, confusion is inevitable, particularly on the security side. Within organizations, applications and data are split between on-premises systems and the cloud. Not just one cloud: many organizations operate multiple clouds or subscribe to services from a great many providers.

And then there is the software and services supply chain. It is no longer usual for one provider to take care of everything. A great many vendors are typically involved in various workflows and systems. Providers like Kaseya and SolarWinds, for example, provide underlying systems that other software relies upon. Remote monitoring and management systems like these are used by countless enterprises and vendors as part of their external or internal offerings.

Managed service providers (MSPs), too, rely on such applications to take care of software delivery and general remote operation. This enables them to focus on their core competencies such as backup, security, or CRM. Even internally within organizations, there tends to be a reliance on a variety of systems to be able to remote into employee devices, deliver updates, and more.

Bottom line: This labyrinth is so pervasive that it is very hard to keep track of who is exactly doing what. And who is responsible for which functions.

Cloud Insecurity

This is bad enough on general IT management. But when it comes to security, the repercussions can be disastrous. The lines of demarcation on security duties must be well known.

This problem has already come to a head following some well-publicized cloud breaches. Some enterprises blamed their cloud providers for attacks, only to be quoted the fine print about what the cloud provider was actually responsible for. Yes, they secure their own clouds. Yes, they provide a series of cloud features. And yes, they promote these in ways that may make it seem that they cover all aspects of security. But they don’t.

The user is usually responsible for the integrity of the files being sent to the cloud (i.e., ensuring no malware lurks inside). Further, some cloud providers hold the user organization responsible for encryption of files being sent to the cloud.

In other words, the delineation of duties isn’t always clear. Hence, someone in IT might be asked, “who is securing our systems and our data?” And the response might be, “I thought the cloud provider was doing that.”

Cybercriminals Taking Advantage

The software and IT services supply chain now sprawls across all corners of the web. And the cybercriminals are capitalizing on the grey areas between providers and client organizations to find zones that “fall between chairs.” Each party thinks the other one is taking care of that security function. The Kaseya and SolarWinds hacks were only the beginning. They showed the bad guys that it was far smarter to hack one company and have its supply chain network distribute that software to large numbers of organizations.

No wonder supply chain breaches are exploding. An NCC Group paper found that cyberattacks on supply chains increased by 51% between July and December 2021, based on a survey of 1,400 cybersecurity decision-makers at organizations with over 500 employees in 11 countries. 36% believe they’re more responsible for preventing, detecting, and resolving supply chain attacks than their suppliers.

However, 53% say both their company and its suppliers are equally responsible for the security of supply chains. Nearly half say they don’t stipulate security standards for their suppliers, and a third don’t regularly monitor and risk assess their suppliers’ cybersecurity arrangements.

As more supply chain breaches happen, though, awareness of this problem area is rising. More companies are recognizing supplier risk as a key challenge. They plan to increase security budgets by an average of 10% this year.

Take Charge of Your Own IT Security

Anyone utilizing the cloud is advised to carefully weed out any ideas within the IT ranks that someone else takes care of cloud security duties. It is up to IT to secure its own systems, data, devices, and identities. And to define exactly what providers do and don’t do with regard to security. Assume it is NOT secured unless you have a guarantee in writing from the provider. Be tenacious in hunting down the facts about the division of duties.

Syxsense provides SaaS and MSP-based security services that automatically take care of functions such as endpoint management, mobile device management, patch management, vulnerability scanning, and remediation.

To take one example: in patch management, Syxsense guarantees to test and deploy critical patches within four hours of their release. It automatically deploys patches based on a priority system to safeguard all organizational systems and devices by providing the correct updates and patches.


Gartner Predicts the Future of Endpoint Security

By Blog

Gartner recently completed an in-depth review of the entire endpoint security landscape. What should organizations be aware of?

What’s Coming for Endpoint Security?

Gartner recently completed an in-depth review of the entire endpoint security landscape. The analyst firm delved into every facet of endpoint security to determine which technologies were rising, which were being eclipsed by more modern approaches, and what the future holds.

Researchers pointed to unified endpoint security (UES) and unified endpoint management (UEM) as being among the major waves of the security future. While these technologies are still evolving, they are rising rapidly in adoption as more and more vendors manage to unite their various endpoint offerings under one fully integrated umbrella.

Traditional Endpoint Detection and Response (EDR)

Traditional endpoint detection and response (EDR) systems have become a popular way to protect enterprise endpoints from attacks and breaches, and as a means of achieving secure remote access. Some vendors are adding to EDR capabilities via extended detection and response (XDR) suites.

What is the difference? EDR focuses on protecting endpoints only. XDR takes a wider view. It integrates security across endpoints, cloud computing, email, and other areas. This is particularly important in light of the larger trend of more and more people working from home. XDR offers a broader zone of protection.

Gartner notes that endpoint security innovators have been focusing on better and more automated prevention, detection, and remediation of threats. One of the goals is to protect endpoints while enabling access from any device to any application over any network and with a good user experience in terms of performance and low latency.

Vendors are introducing, for example, UES and UEM suites that combine elements of EDR, endpoint protection platforms (EPP), and mobile threat defense (MTD) into one integrated toolset. UES suites focus on endpoint security and provide some management features. UEM, on the other hand, stresses management and typically includes good security functionality, too.

What’s changing?

The lines are blurring. These products can secure workstations, smartphones, and tablets and manage it all from a single console. They offer a way for businesses to achieve some degree of vendor consolidation, at least on security. Instead of having one vendor for patch management, another for EDR, another for mobile device management, and others for MTD, EPP, and other functions, it can all be rolled into one consolidated system.

According to Rob Smith, an analyst at Gartner, UES offers plenty of benefits and is now on the radar for up to 20% of its target market.

“Unified endpoint security brings together endpoint and protection, as well as MTD under a unified platform, with tight links to endpoint management infrastructure for end user facing devices, such as Windows 10, macOS, iOS, Android and — in some cases — also extending to Linux and Chrome OS,” said Smith. “UES has the potential to be a single best-of-breed solution for all endpoint security, provided that the unified product’s cross-device data analytics is strong.”

He recommends that organizations evaluate UES adoption based on three goals:

  • Extend detection and response beyond the laptop and desktop to mobile devices.
  • Unify endpoint security and management workflows from a single console.
  • Allow for complex, posture-based policy application along with supporting technology like secure remote access.

Organizations, therefore, should harness tools such as UES and UEM to consolidate all endpoint security onto a single suite to lower support costs and improve threat prevention and detection, and incident response.

The Power of Syxsense

Syxsense Enterprise brings the best of UEM and UES together. It is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints.

This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread.

Syxsense Enterprise can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.


Ransomware Continues to Wreak Havoc

By Blog

With ransomware attacks growing in volume, organizations need all the help they can get with managing these threats.

The Rise of Ransomware

Ransomware has been in the headlines for a couple of years now. One day, stories will be written that explain how the ransomware epidemic is now over. That day has not arrived.

Yet with all the media coverage ransomware attacks constantly attract, it would be reasonable to assume that its effectiveness and impact would lessen due to greater overall awareness of the problem. The opposite appears to be true, according to a new study by Enterprise Strategy Group (ESG). Gaps in readiness continue to make it difficult for many organizations to manage and recover from attacks.

Here are some of the statistics uncovered by ESG: 73% of organizations that experienced a ransomware attack in the past 12 months were negatively impacted, i.e., roughly three quarters did not deal with it well.

Even in those organizations with big security budgets and mature security processes in place, 75% suffered significant operational disruption. These numbers call into question how organizations are defending themselves against ransomware via effective detection, prevention, mitigation, and recovery.

Bargaining with the Devil

Blackmail is one of those crimes that just won’t go away. If the victim pays, it is rare that the perpetrator doesn’t return again and again to extort yet more money. It is the same with ransomware.

According to ESG, 61% of those who paid a ransom were subjected to further extortion attempts, resulting in extra payments being made on top of the initial sums. The FBI’s warning never to pay a ransom clearly makes sense. You are striking a bargain with the devil by paying a ransom. Yes, they said they would leave you alone, but:

  1. They usually want more money within a short time.
  2. They often leave some malware inside your systems even when they provide you with decryption keys.

Among those meeting ransom demands, only 14% said they retrieved all their lost data. The only guarantee there is when paying a ransom is that more trouble from the same cybercriminals lies just over the horizon.

IT Skills Gap

Part of the reason why ransomware remains so potent is the difficulties organizations are experiencing with IT staffing. Many organizations just don’t have trained staff knowledgeable enough to effectively address the ransomware scourge. According to ESG, 45% admit to struggling to acquire or retain the skills needed to respond to ransomware breaches.

“Unfortunately, many organizations remain seriously under-prepared to effectively mitigate against the risks and impact of ransomware attacks,” said Christophe Bertrand, practice director at ESG. “This results in a significant number concluding they have no alternative but to pay ransom demands in the hope their data will be returned. Instead, leaders should be focusing on ransomware strategies that emphasize effective, rapid, and complete recovery.”

Finding The Right Kind of Help

With ransomware attacks growing in volume and severity and paying the ransom no longer a guarantee of recovering your data, organizations need all the help they can get in dealing with this ever-present danger.

Syxsense Enterprise provides comprehensive defense against ransomware that encompasses prevention methods, detection, and remedial action. It is the world’s first IT management and Unified Security and Endpoint Management (USEM) solution that delivers real-time vulnerability monitoring and instant remediation for every single endpoint in your environment.

This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates.

IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.


May Patch Tuesday 2022 Addresses 74 Critical Issues

By Patch Management, Patch Tuesday

Watch our May Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft Fixes New Bugs this Month, Including Public Aware & Weaponized Threats

There are 7 rated Critical and 66 rated Important, with the remaining 1 marked as Low. Microsoft Windows and Windows Components, .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office and Office Components, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Cluster Shared Volume (CSV), Remote Desktop Client, Windows Network File System, NTFS, and Windows Point-to-Point Tunnelling Protocol have all been updated.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “One of the most serious characteristics of a vulnerability is the Scope; which we call the Jump Point. It suggests that should a hacker expose a specific vulnerability, they would be able to jump from that specific technology and hop into another, which is exactly what they did with the SolarWinds hack. In this release Microsoft is resolving 11 vulnerabilities which have an exposed Jump Point.”

Top May 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.

1. CVE-2022-26925: Windows LSA Spoofing Vulnerability

An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows them.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.1
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

2. CVE-2022-22713: Windows Hyper-V Denial of Service Vulnerability

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Syxscore

  • Vendor Severity: Important
  • CVSS: 5.6
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

3. CVE-2022-26937: Windows Network File System Remote Code Execution Vulnerability

This bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: Yes – This vulnerability is not exploitable in NFSV4.1. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV2 and NFSV3.

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

| Reference | Description | Vendor Severity | CVSS Score | Public Aware | Weaponised | Countermeasure | Syxsense Recommended |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-26925 | Windows LSA Spoofing Vulnerability | Important | 8.1 | Yes | Yes | No | Yes |
| CVE-2022-29972 | Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver | Critical | N/A | Yes | No | No | Yes |
| CVE-2022-22713 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.6 | Yes | No | No | Yes |
| CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2022-22012 | Windows LDAP Remote Code Execution Vulnerability | Important | 9.8 | No | No | No | Yes |
| CVE-2022-29130 | Windows LDAP Remote Code Execution Vulnerability | Important | 9.8 | No | No | Yes – This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. | Yes |
| CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | Yes – A system is vulnerable only if Active Directory Certificate Services is running on the domain. | Yes |
| CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 8.2 | No | No | No | Yes |
| CVE-2022-21972 | Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2022-23270 | Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2022-29109 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29110 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability | Critical | 7.5 | No | No | No | |
| CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-22016 | Windows Play To Manager Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2022-26940 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
CVE-2022-29120 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29122 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29123 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29134 Windows Clustered Shared Volume Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-26934 Windows Graphics Component Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29112 Windows Graphics Component Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-22015 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-26936 Windows Server Service Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29121 Windows WLAN AutoConfig Service Denial of Service Vulnerability Important 6.5 No No No
CVE-2022-26935 Windows WLAN AutoConfig Service Information Disclosure Vulnerability Important 6.5 No No No
CVE-2022-29107 Microsoft Office Security Feature Bypass Vulnerability Important 5.5 No No No
CVE-2022-29102 Windows Failover Cluster Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-22011 Windows Graphics Component Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-26933 Windows NTFS Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29114 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29140 Windows Print Spooler Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-26930 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No No
CVE-2022-29116 Windows Kernel Information Disclosure Vulnerability Important 4.7 No No No
CVE-2022-29127 BitLocker Security Feature Bypass Vulnerability Important 4.2 No No No
CVE-2022-24466 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.1 No No No
CVE-2022-30130 .NET Framework Denial of Service Vulnerability Low 3.3 No No No
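The rows above are a flattened export, one vulnerability per line: CVE, title, severity, CVSS score, then Yes/No flag columns whose headers are not shown in this excerpt. As an added example, not part of the original table or of Syxsense's tooling, the Python below parses rows in that layout and ranks them for patching: Critical before Important, then higher CVSS, then remote code execution before elevation of privilege within a tie. It also groups CVEs by affected component, which is how the eight LDAP fixes above show up as one item of work. The sample rows are taken from the table above; the severity value "Moderate" is accepted by the parser but does not occur in this table, and the flag columns are carried through as opaque values.

```python
"""Triage a flattened Patch Tuesday table.

Added example, not Syxsense's or Microsoft's code. Parses rows in the layout
used above (CVE, title, severity, CVSS score, then Yes/No flag columns) and
ranks them for patching. The meaning of the trailing Yes/No columns is not
given in this excerpt, so they are carried through as opaque flags.
"""
import re
from collections import defaultdict

# Sample rows taken from the table above.
SAMPLE_ROWS = """\
CVE-2022-29133 Windows Kernel Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2022-22013 Windows LDAP Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21972 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No No Yes
CVE-2022-26931 Windows Kerberos Elevation of Privilege Vulnerability Critical 7.5 No No No
CVE-2022-29135 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Important 7 No No No
CVE-2022-30130 .NET Framework Denial of Service Vulnerability Low 3.3 No No No
"""

# "Moderate" is a Microsoft severity rating that does not occur in this table.
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}

ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<title>.+?)\s+"
    r"(?P<severity>Critical|Important|Moderate|Low)\s+"
    r"(?P<cvss>\d+(?:\.\d+)?)"
    r"(?P<flags>(?:\s+(?:Yes|No))*)\s*$"
)

# Microsoft titles end in "<impact> Vulnerability"; everything before is the component.
IMPACT_RE = re.compile(
    r"(Remote Code Execution|Elevation of Privilege|Information Disclosure|"
    r"Denial of Service|Security Feature Bypass|Spoofing) Vulnerability$"
)

# Within the same severity and score, remote code execution outranks the rest.
IMPACT_RANK = {"Remote Code Execution": 0, "Elevation of Privilege": 1}


def parse_row(line):
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    title = m.group("title")
    im = IMPACT_RE.search(title)
    return {
        "cve": m.group("cve"),
        "component": title[: im.start()].strip() if im else title,
        "impact": im.group(1) if im else "Unknown",
        "severity": m.group("severity"),
        "cvss": float(m.group("cvss")),
        "flags": m.group("flags").split(),
    }


def parse_table(text):
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def triage(rows):
    """Critical before Important, then higher CVSS, then RCE first, then CVE id."""
    return sorted(
        rows,
        key=lambda r: (
            SEVERITY_RANK[r["severity"]],
            -r["cvss"],
            IMPACT_RANK.get(r["impact"], 9),
            r["cve"],
        ),
    )


def by_component(rows):
    """Group CVE ids by affected component, so one fix covering many CVEs is one item."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["component"]].append(r["cve"])
    return dict(groups)


if __name__ == "__main__":
    rows = parse_table(SAMPLE_ROWS)
    for r in triage(rows):
        print(f"{r['severity']:<9} {r['cvss']:>4} {r['cve']}  {r['component']} "
              f"({r['impact']})  flags={' '.join(r['flags'])}")
    for component, cves in by_component(rows).items():
        print(f"{component}: {len(cves)} CVE(s)")
```

Run it as a script to print the ranking, or paste the whole table into SAMPLE_ROWS. The ranking is only a starting point: a Yes in one of the trailing columns should move a row up once you know which column it is (publicly disclosed or exploited in the wild would matter most), and a Critical 7.5 such as the Kerberos fix still goes before an Important 8.8 because Microsoft's severity already encodes the attack scenario that the base score alone does not.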

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches for Windows, Mac, and Linux devices, as well as Windows 10 feature updates.

Start a Free Trial
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

How Cloud Anarchy Leads to Insecurity

By Blog

The cloud is getting crowded, and that poses a growing problem for IT security.

The Issue of “Overclouding”

The scope of some cities in Asia boggles the mind. There are places in China you have never heard of that are already bigger than Los Angeles, New York, or London. Seoul, Manila, Shanghai, and Delhi all have at least 25 million people in their metropolitan areas. Tokyo's metro area is up to more than 37 million. Jakarta and Delhi are growing fastest, and one of them may soon overtake Tokyo as the largest urban center in the world.

There are a great many advantages to urban living. Everything is close to hand, labor is available, and economies of scale can be generated. But if you have ever driven in any of these Asian cities or in LA, New York, Houston, or London for that matter, you will have been shocked by the volume of traffic. These cities are crowded. Commutes are long. Freeways are jammed. Gridlock is the norm. Crime tends to soar in dense urban settings.

The cloud is heading in a similar direction. Laura DiDio, an IT and security analyst at ITIC, notes that the cloud is getting crowded. Public and hybrid cloud markets are hotter and more competitive than ever. According to Gartner, 2022 will see $1.3 trillion in cloud spending, rising to $1.8 trillion by 2025 and outpacing non-cloud IT spending. DiDio predicts that hybrid cloud adoption will accelerate in the coming years, so IT systems will continue to be split between internal components and increasingly dispersed external cloud components.

The Issue of IT Security

That poses a major security problem. ITIC's 2022 Global Server Hardware Security survey found that businesses suffered an 84% surge in security incidents such as ransomware, email phishing scams, and targeted data breaches over the last two years. The average cost of a successful breach is $4.24 million, according to the Ponemon Institute, a figure that has risen by 20% in the past two years. The problem has only gotten worse as organizations deploy more services across multiple clouds and try to support a vast network of mobile and work-from-home employees.

Overclouding Multiplies Risk

More than half of all business malware is aimed at work-from-home employees using cloud applications. Like a modern, rapidly expanding and gridlocked city, “overclouding” greatly increases the risk of a security incident.

Inside many enterprises, IT struggles to stay on top of the scope and extent of the organization’s overall cloud footprint. Never mind staying in control; some IT departments have no idea how many cloud applications are being run from various parts of the enterprise.

With cloud apps so easy to sign up for and traditional IT procurement so time consuming, cumbersome, and bogged down in red tape, line-of-business heads have been taking matters into their own hands, subscribing to SaaS and other as-a-Service options in record numbers. This shadow IT is a nightmare for security teams. How can you track, monitor, and safeguard systems and applications if you are not even aware they are running, or on how many devices?
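One way to find out what is actually running, assuming the organization routes outbound web traffic through a proxy that logs it. The Python below is an added example, not part of this post or of Syxsense's product: it aggregates destinations per user from proxy logs, drops anything in a sanctioned-application inventory, and ranks the remainder by how many people use it. The log format, the inventory and the log lines are constructed for the example; the .example domains are placeholders, and the tiny public-suffix table stands in for the real Public Suffix List.

```python
"""Shadow SaaS discovery from web proxy logs.

Added example, not Syxsense's code. Aggregates outbound destinations per
user from proxy logs and reports the domains that are not in the sanctioned
application inventory. The log format, the inventory and every log line
below are constructed for this example.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed inventory of sanctioned SaaS, keyed by registrable domain.
SANCTIONED = {
    "office.com": "Microsoft 365",
    "salesforce.com": "Salesforce",
    "zoom.us": "Zoom",
}

# Constructed proxy log lines (.example is a reserved placeholder TLD):
# "<epoch> <user> <client_ip> <method> <url> <bytes>"
SAMPLE_LOG = """\
1652745600 alice 10.1.4.20 CONNECT https://outlook.office.com:443 48213
1652745601 bob 10.1.4.31 CONNECT https://login.salesforce.com:443 9120
1652745602 carol 10.1.5.12 CONNECT https://app.taskboard.example:443 77102
1652745603 alice 10.1.4.20 CONNECT https://files.bigtransfer.example:443 52428800
1652745604 dave 10.1.6.9 CONNECT https://app.taskboard.example:443 30500
1652745605 erin 10.1.6.11 CONNECT https://us02web.zoom.us:443 1048576
1652745606 bob 10.1.4.31 CONNECT https://app.taskboard.example:443 18800
1652745607 carol 10.1.5.12 GET http://intranet.example.co.uk/report.pdf 20480
"""

# Tiny stand-in for the Public Suffix List, enough to handle the sample.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Collapse a hostname to the domain an organization would register."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def parse_line(line):
    ts, user, client_ip, method, url, nbytes = line.split()
    return {
        "ts": int(ts),
        "user": user,
        "client_ip": client_ip,
        "method": method,
        "host": urlsplit(url).hostname,
        "bytes": int(nbytes),
    }


def discover_shadow_saas(log_text, sanctioned=SANCTIONED):
    """Return [(domain, sorted users, bytes)] for unsanctioned domains,
    ordered by number of distinct users, then by volume."""
    usage = defaultdict(lambda: {"users": set(), "bytes": 0})
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        domain = registrable_domain(rec["host"])
        if domain in sanctioned:
            continue  # known, approved application: not interesting here
        usage[domain]["users"].add(rec["user"])
        usage[domain]["bytes"] += rec["bytes"]
    ranked = sorted(
        usage.items(),
        key=lambda kv: (-len(kv[1]["users"]), -kv[1]["bytes"], kv[0]),
    )
    return [(d, sorted(v["users"]), v["bytes"]) for d, v in ranked]


if __name__ == "__main__":
    for domain, users, nbytes in discover_shadow_saas(SAMPLE_LOG):
        print(f"{domain:<28} users={len(users)} ({', '.join(users)}) bytes={nbytes}")
```

The ranking is a starting point for a conversation with the line-of-business owner, not a block list. Note the blind spot this post is describing: the proxy only sees devices that egress through it, so work-from-home laptops and phones that go straight to the internet never appear in these logs, which is why an endpoint-side inventory is needed alongside network-side discovery.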

Relieving City Congestion

Massively congested cities like Jakarta and Cairo have come up with a novel solution to the overcrowding problem. They are building new capital cities. Egypt, for example, is close to completing its new administrative capital about 45 km east of Cairo to ease congestion and make it easier to conduct the business of government. Traffic was so bad that government meetings often failed to materialize. The new capital should solve that problem and make the administration of government smoother.

IT doesn’t have that option. Until a new, wholly secure internet is invented, security issues are a fact of life. Risk and threat lurk in every email, webpage, or connection to the cloud. The best approach is to up your security game.

The Syxsense Advantage

Syxsense Enterprise is the world’s first IT management and Unified Security and Endpoint Management (USEM) solution that delivers real-time vulnerability monitoring and instant remediation for every single endpoint in your environment. This represents the future of threat prevention.

Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates.

IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.

Syxsense Enterprise Unifies Endpoint Security and IT Management for Real-Time Vulnerability Monitoring and Remediation

By News, Press Release

IT teams can now manage, detect, and secure all endpoints with 100% visibility across desktop, laptop, server, and mobile devices

ALISO VIEJO, Calif. – [May 3, 2022] – Syxsense, a global leader in IT and security management solutions, today announced Syxsense Enterprise™, the world’s first IT management and endpoint security solution that delivers real-time vulnerability monitoring and instant remediation for every endpoint across an organization’s entire network environment. Syxsense Enterprise combines Syxsense Secure, Manage, and Mobile Device Manager to deliver a completely unified platform that scans and manages all endpoints, resolves problems in real-time, and reduces the risks associated with system misconfigurations. This enables organizations to better predict, identify, and remediate vulnerabilities.

“As threats get more complex, it’s important that IT teams have consolidated solutions for IT management and endpoint security. Syxsense Enterprise is designed to give them a centralized cloud-based platform for scanning, patching, recognizing, and remediating vulnerabilities that could lead to attack or exploitation of endpoints,” said Ashley Leonard, Founder and CEO at Syxsense. “By offering our customers a unified cloud solution, we enable complete control over every endpoint device on the network so they can secure business-critical resources quickly and streamline security operations.”

Syxsense Enterprise is the industry’s first Unified Security and Endpoint Management (USEM) solution that addresses the three key elements of endpoint security – vulnerabilities, patch, and compliance. It layers on a powerful workflow automation tool called Syxsense Cortex™ that remediates and eliminates endpoint security weaknesses – all through a single cloud-based, drag-and-drop management interface, with hundreds of prebuilt workflows. This includes the ability to identify software vulnerabilities in both the OS and third-party applications, as well as misconfigurations such as open ports, disabled firewalls, ineffective user account policies and more.

It also includes Syxsense’s recently launched Mobile Device Management (MDM) solution, which allows IT to manage devices running on iOS, iPadOS, and Android, in addition to previously supported Windows, Linux and Mac environments. Syxsense MDM includes all the tools necessary for Device Enrollment, Inventory and Configuration Management, Application Deployment and Rollback, Data Containerization, and Remote Device Lock/Reset/Wipe (making it possible for IT to wipe sensitive data from lost or stolen devices).

“As the market shifts to a hybrid workforce, the number of endpoints is growing exponentially, with corporate network connected mobile endpoints soaring,” said Charles Kolodgy, principal at advisory firm Security Mindsets. “The need to manage and secure an increasing number of endpoints, including desktops, mobile phones and other devices, is becoming more apparent every day as sophisticated threats grow exponentially. Syxsense Enterprise is offering a solution that solves the need to both secure and manage a vast collection of endpoints. The key is the ability to scan for vulnerabilities and patch without losing business continuity.”

The key features of Syxsense Enterprise include:

  • Vulnerability Scanning – Prevent cyberattacks by scanning for authorization issues, security implementation problems, and antivirus status.
  • Patch Everything – Automatically deploy OS and third-party patches to remediate all endpoint vulnerabilities inside the network and on roaming devices outside the network.
  • Prove Compliance and Device Health – Document patching with reporting for risk assessments, vulnerable devices, task summaries and more, and scan and prioritize patching relative to risk exposure.
  • Quarantine Devices – Block communication for an infected device, isolate endpoints, and kill malicious processes before they impact the network.
  • Control All Mobile Devices – Oversee devices remotely, silently push OTA configurations, applications, and policies from iOS to Android to Windows and more.
  • Collaborate with Ease – IT and security teams can now collaborate in a single console to identify and close endpoint attack vectors quickly.

For more details or to schedule a demo, visit: https://www.syxsense.com/gc-demo-syxsense

About Syxsense

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first unified security and endpoint management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex™, all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com
