
Achieving HIPAA Compliance: Dynamic Endpoint and Patch Management

By Blog, Cybersecurity, Endpoint Security

When you work in a sprawling healthcare complex, where are you going throughout the day?

It’s not just about the hospital. It’s about the outpatient clinic, the physical therapy center, the nursing home, and all of the buildings that make up your healthcare system.

It’s also about tracking all of the devices that move between those buildings—and making sure they’re always safe. How do you make sure they’re being used and updated properly? How do you keep track of their maintenance, especially when they’re moving between departments and floors?

And when costs aren’t trickling down to security, how can teams safeguard Protected Health Information (PHI) while dealing with mainframe and legacy software?

Such are the realities that IT teams in healthcare have to contend with when it comes to protecting patient health data. You don’t just need confidence. You need live data and proof.

How Legacy, Mainframe, and Other Everyday Operations Put HIPAA Compliance at Risk

Healthcare systems can be on-premises, in the cloud, or spread across multiple clouds.

Whether applications are fully cloud-based or on-premises, protection continues to be complex. Plenty of healthcare providers still use mainframe and other legacy on-premises systems as the core of their record systems.

Data from these older systems travels out through cloud applications and back again as part of a single transaction. Unbeknownst to many cloud system users, those connections to legacy transactional systems are part of the workflow.

Healthcare organizations patch systems they believe are involved in PHI but miss other systems where privacy data flows.

It’s impossible to be aware of all the little habits and everyday operations that can introduce vulnerabilities (or tell them to come on in and wipe their feet on the “Welcome Home” mat.) While healthcare facilities are designed to keep patients safe, what do you do when your own employees are a threat?

Practices like:

  • Account sharing
  • Reluctance to implement two-factor authentication (2FA)
  • Fractured teams
  • Using pagers and fax machines
  • Preferring to use an outdated version of software
  • Using legacy systems that haven’t been updated in 20+ years
  • Applications running on Windows XP, 2000, and 98
  • Having no documentation/playbooks for incident response
  • Being stuck in a reactionary cycle

… All create security risks.

While a healthcare system or cloud may seem completely protected, vulnerabilities still exist, ready to be exploited due to these weaknesses.

What’s Worse: Badly Done or Not Patching at All? They Both Lead to Data Breaches

Is it a case of choosing the lesser evil? Badly done patching or no patching at all? Unfortunately, both paths lead to data breaches.

If you don’t update your software, you’re leaving yourself open to attack by hackers who could easily exploit holes in your system—holes that could’ve been fixed with a simple update.

A study by the Ponemon Institute found that 68% of data breaches occur because patch management is poorly executed.

Among companies that suffered a data breach:

  • 61% of respondents said their organizations were at a disadvantage in responding to vulnerabilities because they used manual patching processes.
  • 55% added that their dependence on manual processes for patch management had led to backlogs and errors. (The report recommends replacing manual processes with automated patching solutions.)
  • 57% said these breaches probably occurred due to a patch being available for a known vulnerability that had not been implemented.

So what can you do?

  1. Make sure that all of your devices are up-to-date with their latest patches.
  2. Check for third-party software patches.

The downside is this requires manually searching for and applying patches. Doing this manually eats up a ton of time and resources for IT teams, which diverts skill away from other crucial tasks (not that patching isn’t crucial.)

Organizations are exploring automated patching to simplify and expedite the process. Tasks that would normally take hours or days to complete happen in minutes or seconds—without having to expand your team. In today’s world of security, it’s all about working smarter, not harder.

But what does it look like in a cyber-threat landscape that’s constantly evolving?

Build Your Own Dynamic Endpoint Management That Covers Vulnerability Scans, Patching, and Compliance

There will never be a “silver bullet” solution for cybersecurity. Instead, a successful approach is one that uses multiple tactics in concert with one another—a symphony of security.

Syxsense Enterprise is one platform that lets you be proactive instead of reactive.

With built-in workflow automation, you can offload the most time-consuming and painful parts of your cybersecurity practices—the parts that keep you from achieving higher goals. Like protecting your PHI, saving time, and money, and ultimately focusing on what matters most: healing people.

We speak with overworked MSPs and teams every day, and so many of them say the time they have to get on top of a new threat is a few hours, not six months. (Patients and hackers aren’t waiting for six months.)

Need help with all of the above?

There’s a real-time security solution for healthcare. Schedule a demo with us today.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Automation Is the Key to Improving Time-to-Remediate and Time-to-Patch

By Blog, Cybersecurity, Endpoint Security, Patch Management, Vulnerability Management

Cybercriminals are notorious for their swift actions. Once a zero-day exploit is discovered, they waste no time infecting numerous systems in the hours that follow. This malicious activity persists for weeks, and in some cases, even months, due to the sluggish response of many organizations in implementing necessary patches and taking remedial measures.

Responding to a zero-day exploit can be a laborious and time-consuming process, especially for organizations lacking automated systems. The response time spans from just a few hours to several weeks, depending on the complexity of the exploit and the efficiency of the remediation process employed by the organization. One has to consider the time required to identify, validate, and fix the vulnerability, plus the additional time needed to deploy the patch across all affected systems. In many instances, the longer the time-to-remediate or resolve (TTR) and time-to-patch, the more severe the potential consequences, underscoring the critical role of automation in cyber risk response.

Similarly, if cybercriminals unearth a weakness in the organizational defenses or manage to compromise a user account, they don’t waste time capitalizing on it. Some launch a major attack in seconds by unleashing ransomware or other malware. Others use that foothold to gain access to privileged accounts or mission-critical systems. They move rapidly and then quickly cover their tracks. Their goal is not a smash-and-grab raid. They want to learn the workings and finances of the organization unobserved while they determine the most lucrative and opportune way to profit from their efforts. When they strike, the only thing preventing devastation is the ability of the organization to respond effectively with the minimum of TTR.

Rapid Patching Minimizes Time-to-Remediate Emergencies

Many cybersecurity response emergencies can be traced back to failure to effectively and speedily patch. The correlation between cybersecurity emergencies and a failure to patch quickly is largely about the window of opportunity. Cybercriminals strive to exploit the vulnerability before the organization can patch it. This situation often leads to a lag time between the discovery of a flaw and its patching – a window that cybercriminals exploit. This is why automation is so crucial in reducing the time-to-patch.

Despite this reality, the majority of organizational breaches occur due to the exploitation of known vulnerabilities for which patches exist but were not implemented. The latest Verizon Data Breach Investigations Report (DBIR) sheds light on the fact that unpatched vulnerabilities, such as Log4j, were among the most severe incidents reported in 2022. The report emphasizes the criticality of promptly patching known vulnerabilities and swiftly addressing zero-day exploits and other attack vectors. In essence, organizations with poor time-to-patch and time-to-remediate (TTR) metrics expose themselves to greater risks.

How Can Enterprises Reduce Their Time-to-Patch and Time-to-Remediate?

Automation is the ultimate solution for reducing time-to-patch and TTR. With the sheer number of patches that require deployment across numerous endpoints scattered across various clouds, systems, and networks, manual patching simply cannot keep up. By automating the patching process, organizations can significantly minimize the gap between identification and remediation of vulnerabilities, thereby reducing the window of opportunity for cybercriminals to launch an attack. When patches are deployed rapidly and effectively, it lessens the occurrence and severity of cybersecurity emergencies.

Automation can help enterprises accomplish such things as:

  • Comprehensive scanning to detect all endpoints and devices
  • Rapid patch deployment
  • Patch and remediation workflow automation, ideally with no scripting required
  • Pre-checks of available system, network, and endpoint resources to ensure patches and remediations can be deployed
  • Testing of patches before full production deployment
  • Verification of patch installation

With these items addressed by automation, time-to-patch and TTR can be brought down to hours or days versus weeks, months, or years.

Syxsense Cortex: The Ultimate Scanning and Remediation Automation Tool

Syxsense Cortex simplifies complex IT and security processes via automation. It is a drag-and-drop visual editor that removes the need for scripting expertise. With an ever-growing library of pre-built workflows and templates, organizations can lower their IT and cyber risk as it pertains to vulnerabilities, reduce the burdens of tedious tasks for IT and security teams, and enable them to focus on critical business initiatives.

Syxsense Cortex enables users to combine logic, approvals, and actions to automate complex processes and bring an end to long patch and remediation timelines. Syxsense Cortex also makes it possible to deploy several software updates simultaneously and effortlessly. Its script-free capability minimizes repetitive manual work and reduces the time needed to complete complex tasks. It streamlines the management and remediation of security issues, enabling them to be detected much sooner. Further benefits include the visualization of workflows and processes ranging from inventory to scans, patch prioritization and supersedence, patch verification, detection and remediation of vulnerabilities, and a variety of other IT management and security actions.

Never again wonder about your true security and management posture. Syxsense can help you realize the benefits of automation while providing real-time monitoring and alerting that will keep you in the know on potential threats as well as any changes that occur in your environment. And then leverage Syxsense Cortex to reduce your risks automatically.

See how quickly you can improve your endpoint and security posture with Syxsense. Schedule a custom demo below.


Patients Becoming More Affected By Healthcare Data Breaches

By Blog, Cybersecurity, Healthcare Industry

Things going through your head after your workplace was hit by a breach: 

How much Protected Health Information was accessed? Will I have to pay HIPAA penalties? How do I tell my patients? How many of my patients are affected by this data breach? What’s required of me right now, legally?

You weren’t prepared for this level of uncertainty. Even though there’s been a decrease in healthcare breaches, a concerning trend has emerged: a higher number of patients are affected per breach. It’s a bittersweet situation. 

Doctors are locked out of patient files and resort to handwritten notes. Equally challenging is letting patients know they were affected by the breach. How do you give them a transparent and thoughtful approach to protecting their privacy and well-being?

Identity theft is a serious crime, and it’s not the only crime committed by using someone else’s Protected Health Information (PHI). Hackers also use PHI to secure benefits, prescriptions, and insurance coverage.

You need to be ready to play offense and defense when it comes to the protection of your patient’s privacy. Security is not a static concept. It’s an ever-evolving strategy that needs preparation and response plans set in place.

The medical industry has been evolving for decades. Reluctance costs healthcare more than just money.

It’s time for your security and playbooks to evolve, too.

Two indicators that more patients are targeted by cyber attacks

According to the Healthcare Data Breach Report:

Attacks don’t need to be the most sophisticated or a zero-day in order to succeed. 

Hackers are working to find and capitalize on out-of-date security practices in healthcare. And when one attack catches the attention of the security community, it’s even easier to blend into the background and exploit other avenues.

The best way to avoid such an attack is to implement a layered defense system, including physical security measures like employee training on how to identify and avoid phishing scams, social engineering attacks, and other types of threats.

Here’s what hackers don’t want you to know about patching

Unpatched systems and misconfigurations are leaving your PHI vulnerable to attack, leading to theft, encryption, patient impersonation, and even financial fraud.

Hackers want you to be slow to adapt. Old security practices and reluctance build their ladder inside. They count on your inaction, because scheduling downtime for maintenance is overwhelming, or patching third-party tools is too much.

And if you don’t have the capacity for after-hours…

Will you have the capacity and hours when systems are down?

When should you secure your most important endpoints?

Do you know how many known vulnerabilities are out there? These bugs aren’t from obscure systems. Hundreds of vulnerabilities come from the most popular vendors, led by Google and followed by Microsoft, Adobe, IBM, Oracle, Jenkins, Apple, Tenda, Huawei, Cisco, Linux, Siemens, Qualcomm, Intel, Apache, TotoLink, SAP, Dell, Bentley, and Samsung.

Healthcare providers around the world rely on software and hardware from these vendors. With so many ways to get in, how long can your endpoints wait? 

You need a new way to protect patient data that’s more than just an extension of what you’ve always done before: a paradigm shift in how you find and prioritize the patches that keep criminals from exploiting out-of-date applications.

Syxsense Enterprise is cloud-based security with real-time monitoring and instant remediation for every single endpoint in your healthcare environment. The future of patching any device looks like flexible, staggered scheduling that causes as little disruption as possible.

Syxsense is more than just patch management—it’s a suite of security that Universal, Belkin, PBS, Netgear, IBM, Best Western, and others rely on. They knew that securing their most important endpoints was more important than ever, and they knew they couldn’t do it alone.

Do you have any questions about your patch and compliance requirements? We’re happy to talk about how you can stay up to date. Schedule a time to talk with us today.

September 2023 Patch Tuesday: Microsoft releases 59 fixes this month including 2 Critical and 2 Weaponised Threats

By Blog, Patch Management, Patch Tuesday

Microsoft releases 59 fixes this month including 2 Critical and 2 Weaponised Threats

There are 2 Critical, 55 Important, 1 Moderate, and 1 with no severity rating (NA) fixed this month. Microsoft Windows and Windows Components, Exchange Server, Office, .NET and Visual Studio, Azure, Microsoft Dynamics and Windows Defender have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense said, “We have 2 patches that resolve vulnerabilities which are Weaponised, and one of those is also Publicly Aware. If you count all the individual CVSS scores together, September has a combined CVSS score of 434.3, down from 531.5 last month; however, the average CVSS score was 7.4, which was higher than last month’s even though there was a larger quantity of updates which were fixed.”

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.

CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability

Exploiting this vulnerability could allow the disclosure of NTLM hashes; the Preview Pane is an attack vector.

Note: The vulnerability is Weaponised and Publicly Aware

Syxscore

  • Vendor Severity: Important
  • CVSS: 6.2
  • Weaponised: Yes
  • Public Aware: Yes
  • Countermeasure: No

Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

This vulnerability has been found by the Microsoft Threat Intelligence team and could be linked to an existing Ransomware attack. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Note: The vulnerability is Weaponised

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: Yes
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

CVE-2023-38148 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

An unauthorized attacker could exploit this Internet Connection Sharing (ICS) vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service.

Note: The vulnerability is More Likely to be Weaponised

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Additional Information | Countermeasure | Exploitability Assessment | Impact |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | Important | 6.2 | Yes | Yes | Exploiting this vulnerability could allow the disclosure of NTLM hashes; the Preview Pane is an attack vector. | No | Exploitation Detected | Information Disclosure |
| CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Detected | Elevation of Privilege |
| CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | | Yes | Exploitation More Likely | Remote Code Execution |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | 8.8 | No | No | An attacker who successfully exploited this vulnerability could gain administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38146 | Windows Themes Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8 | No | No | An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user. | No | Exploitation More Likely | Remote Code Execution |
| CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8 | No | No | An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user. | No | Exploitation More Likely | Remote Code Execution |
| CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | | No | Exploitation Less Likely | Spoofing |
| CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability | None | 8 | No | No | In a network-based attack, an attacker could trigger malicious code in the context of the server’s account through a network call. | No | Exploitation More Likely | Not a Vulnerability |
| CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | This vulnerability affects FBX component used within the 3D Viewer product. | No | Exploitation Unlikely | Remote Code Execution |
| CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | This vulnerability affects FBX component used within the 3D Viewer product. | No | Exploitation Unlikely | Remote Code Execution |
| CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36765 | Microsoft Office Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Information Disclosure |
| CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36804 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38142 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38143 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38150 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38161 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass | Important | 7.8 | No | No | | No | Exploitation Less Likely | Security Feature Bypass |
| CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important | 7.6 | No | No | | No | Exploitation Less Likely | Spoofing |
| CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | No | Exploitation Less Likely | Spoofing |
| CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | No | Exploitation Less Likely | Spoofing |
| CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Critical | 7.5 | No | No | An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability | Important | 7.5 | No | No | Exploiting this vulnerability could allow the disclosure of credentials. | No | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.5 | No | No | | Yes | Exploitation Less Likely | Denial of Service |
| CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability | Important | 7.5 | No | No | Customers who have not configured their DHCP server as a failover are not affected by this vulnerability. | | Exploitation Less Likely | Denial of Service |
| CVE-2023-36762 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.3 | No | No | The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not. | No | Exploitation Unlikely | Remote Code Execution |
| CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | Important | 7.2 | No | No | An attacker who successfully exploited this vulnerability could gain domain administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important | 7 | No | No | An attacker who successfully exploited this vulnerability could maintain high privileges, which include read, write, and delete functionality. | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-38155 | Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability | Important | 7 | No | No | An attacker who successfully exploited this vulnerability could gain administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability | Important | 6.7 | No | No | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. | No | Exploitation Less Likely | Denial of Service |
| CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 6.5 | No | No | | No | Exploitation Less Likely | Denial of Service |
| CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability | Important | 5.7 | No | No | | No | Exploitation More Likely | Information Disclosure |
| CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | No | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | | No | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | No | Exploitation More Likely | Information Disclosure |
| CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability | Important | 5.3 | No | No | Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. | Yes | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability | Important | 5.3 | No | No | Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. | Yes | Exploitation More Likely | Information Disclosure |
| CVE-2023-36736 | Microsoft Identity Linux Broker Arbitrary Code Execution Vulnerability | Important | 4.4 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability | Important | 4.3 | No | No | | No | Exploitation Less Likely | Security Feature Bypass |
| CVE-2023-41764 | Microsoft Office Spoofing Vulnerability | Moderate | | No | No | | No | Exploitation Less Likely | Spoofing |
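
The post asks readers to feed the CVE numbers above into their patch management tooling and deploy once testing passes; in practice the first step is deciding the order. The script below is an added example (not Syxsense code and not the Syxscore formula) that turns a subset of the table above into deployment waves. The rows are copied from the table as printed there (so CVE-2023-38148 carries the table's "Countermeasure: Yes", and CVE-2023-41764 has no CVSS score); the tiering rule (exploited in the wild first, then vendor Critical or "Exploitation More Likely", then everything else by CVSS) is an assumption chosen to mirror the post's own Weaponised / Publicly Aware / Vendor Severity / CVSS ordering. It also computes the combined and average CVSS the way the Robert Brown quote describes, but only over this subset, so the numbers differ from the 434.3 and 7.4 quoted for the full release.

```python
"""Rank a Patch Tuesday advisory list into deployment waves.

Added example, not Syxsense code. Rows are a subset copied from the
September 2023 table above; the tiering rule is an assumption.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    severity: str           # vendor severity as printed: Critical / Important / Moderate
    cvss: Optional[float]   # None when the table shows no score
    weaponised: bool        # "Weaponised" column
    public_aware: bool      # "Publicly Aware" column
    countermeasure: bool    # "Countermeasure" column: a non-patch mitigation exists
    assessment: str         # Microsoft exploitability assessment text
    impact: str


# Subset of the page's table, values as printed there.
ADVISORY: List[Advisory] = [
    Advisory("CVE-2023-36761", "Microsoft Word Information Disclosure Vulnerability",
             "Important", 6.2, True, True, False, "Exploitation Detected", "Information Disclosure"),
    Advisory("CVE-2023-36802", "Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability",
             "Important", 7.8, True, False, False, "Exploitation Detected", "Elevation of Privilege"),
    Advisory("CVE-2023-38148", "Internet Connection Sharing (ICS) Remote Code Execution Vulnerability",
             "Critical", 8.8, False, False, True, "Exploitation More Likely", "Remote Code Execution"),
    Advisory("CVE-2023-33136", "Azure DevOps Server Remote Code Execution Vulnerability",
             "Important", 8.8, False, False, False, "Exploitation Less Likely", "Remote Code Execution"),
    Advisory("CVE-2023-36744", "Microsoft Exchange Server Remote Code Execution Vulnerability",
             "Important", 8.0, False, False, False, "Exploitation More Likely", "Remote Code Execution"),
    Advisory("CVE-2023-29332", "Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability",
             "Critical", 7.5, False, False, False, "Exploitation Less Likely", "Elevation of Privilege"),
    Advisory("CVE-2023-38143", "Windows Common Log File System Driver Elevation of Privilege Vulnerability",
             "Important", 7.8, False, False, False, "Exploitation More Likely", "Elevation of Privilege"),
    Advisory("CVE-2023-36801", "DHCP Server Service Information Disclosure Vulnerability",
             "Important", 5.3, False, False, True, "Exploitation Less Likely", "Information Disclosure"),
    Advisory("CVE-2023-41764", "Microsoft Office Spoofing Vulnerability",
             "Moderate", None, False, False, False, "Exploitation Less Likely", "Spoofing"),
]


def tier(a: Advisory) -> int:
    """Assumed rule: 0 = exploited in the wild, 1 = vendor Critical or
    'Exploitation More Likely', 2 = everything else."""
    if a.weaponised:
        return 0
    if a.severity == "Critical" or a.assessment == "Exploitation More Likely":
        return 1
    return 2


def sort_key(a: Advisory) -> Tuple[int, bool, float, str]:
    # Within a tier: publicly known first, then highest CVSS; the CVE id breaks ties.
    # A missing CVSS is treated as 0.0 so the row sinks to the end of its tier.
    return (tier(a), not a.public_aware, -(a.cvss if a.cvss is not None else 0.0), a.cve)


def prioritize(rows: List[Advisory]) -> List[Advisory]:
    """Full deployment order, most urgent first."""
    return sorted(rows, key=sort_key)


def waves(rows: List[Advisory]) -> Dict[int, List[str]]:
    """Group the ordered list into waves; wave 0 goes out as soon as testing passes."""
    out: Dict[int, List[str]] = {0: [], 1: [], 2: []}
    for a in prioritize(rows):
        out[tier(a)].append(a.cve)
    return out


def patch_only(rows: List[Advisory]) -> List[str]:
    """CVEs with no countermeasure: patching is the only available remediation."""
    return [a.cve for a in prioritize(rows) if not a.countermeasure]


def cvss_summary(rows: List[Advisory]) -> Tuple[int, float, float]:
    """(number of scored rows, combined CVSS, average CVSS) over rows that have a score."""
    scored = [a.cvss for a in rows if a.cvss is not None]
    total = sum(scored)
    return len(scored), round(total, 1), round(total / len(scored), 1)


if __name__ == "__main__":
    for wave, cves in waves(ADVISORY).items():
        print(f"wave {wave}: {', '.join(cves)}")
    print("patch-only:", ", ".join(patch_only(ADVISORY)))
    print("scored rows / combined CVSS / average CVSS:", cvss_summary(ADVISORY))
```

The point of the tiers is that CVSS alone would put CVE-2023-33136 (8.8, "Less Likely") ahead of both weaponised issues; sorting by observed exploitation first matches the recommendations the post makes above. Swap in the full table, or your own vendor feed, for `ADVISORY` and the rest of the script is unchanged.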

How to Shrink Your Attack Surface With Patching and Automated Remediation

By Blog, Cybersecurity, Patch Management

“What is my attack surface?”

Consider all of your internet-accessible software, hardware, and cloud assets. Your attack surface is every point of vulnerability within a system that hackers can exploit. The wider the surface, the more opportunity hackers have to exploit it.

Spotting and eliminating these vulnerabilities makes access harder for unauthorized parties.

If you think you have a small attack surface, consider that your attack surface grows organically.

It expands through third-party software, bad passwords, disabled firewalls, phishing campaigns, delayed patching, human errors, legacy assets, and maybe other ways you don’t know about.

Hackers are targeting a broad range of industries: financial and banking institutions, manufacturing, schools and universities, tech companies, healthcare providers, and even government agencies. They’re not only targeting the big names—they’re also going after smaller businesses. 

As online theft and hacking have evolved, so have your defense strategies. 

When you manage your attack surface with the right security controls in place, you shrink it, along with the likelihood of facing breaches by hackers.

Your security is not a one-time event. It’s an ongoing process that includes consistent patching and vulnerability remediation procedures. 

What can you do to patch and scan while protecting your time, eliminating manual processes, and working on the more challenging parts of security?

Below are ways to handle patching and scanning that save time, remove manual processes, and free you to take on the more exciting intricacies of security and business.

The Best Way to Customize My Patch Deployment

Patching is the process of upgrading software so that it can be used safely on a computer system. It fixes flaws or improves functionality. It’s like applying a band-aid to a wound, covering the vulnerabilities in your software systems that hackers could potentially exploit. 

Like an annual flu shot that adapts to new virus strains, patching updates your software to defend against the latest threats.

Ever wonder when the best time is to schedule the next patch?

You need to protect employee productivity and limit downtime and costs.

It’s why so many teams rely on automation to schedule deployments in recurring maintenance windows. 

When done consistently, patching reduces your attack surface. Up-to-date software locks the door against threats. Automation continually works in the background to prioritize and patch the most critical vulnerabilities, all while monitoring any changes in your attack surface.

Is Self-Aware Security Remediation the Future?

What is your weakest link?

How do you fix it… and quickly?

Vulnerability scanning is a proactive practice—and not one that’s easy to do manually, either. Your vulnerabilities are spread across software, systems, networks, and devices.

With so many devices (and probably not enough time), you need a way to regularly scan for security gaps, misconfigurations, patch updates, and other exploitable points across your entire attack surface. 

What devices do I need to target?

How do I figure out what to do with them?

When do I do it?

How often?

Automated remediation takes care of it for you through customized access policies and remediation workflows.

Security teams have been looking to offload manual processes to work on more challenging and exciting parts of security, but they don’t want to compromise the quality of protection.

When live data and monitoring communicate and react to behavioral and state changes on your endpoints, automation can remediate vulnerabilities as they’re discovered. Thousands of devices can now self-heal and self-manage, leading to fewer avenues of invasion, and less risk of successful attacks.

Here’s What to Expect With Personalized Automation

Patching and remediation are just one aspect of a comprehensive security strategy. A multi-layered approach includes a little bit of everything: training your staff, regular audits, and strong access controls.

The best way to keep your organization secure is to understand the state of your network at all times. But you can’t be everywhere, all the time. 

Automated patch and vulnerability management tools handle updating and addressing weaknesses, reducing the time and effort required by teams to “DIY.” It’s everywhere, all the time, for you.

​​The security industry is moving toward a more personal, automated approach to cybersecurity. Personalized automation lets you focus on strategy, not administration. It’s not just about making your work easier. It’s about giving you more time to do what matters most: solving problems, protecting people, and making the world a better place.

It’s never been easier to develop and manage automated workflows for patching, vulnerability scanning, endpoint management, and remediation to get more done and safeguard your valuable assets. Schedule a demo below to find out how.

Hackers Playing on Fear: Is Your Browser Safe?

By Blog, Cybersecurity, Healthcare Industry

“UPDATE EXCEPTION. An error occurred in Chrome’s automatic update. Please install the update package manually later or wait for the next automatic update.”

Many employees need to access multiple applications and systems throughout the day, including the Internet. That’s why a recent attack was so powerful.

Playing on security fears with internet browsers, malicious attackers compromised websites with JavaScript that would produce a fake Chrome update, just like the one above. 

It’s not a real update. And this trick worked on hundreds of people who clicked on the update and infected their network. 

Vulnerabilities Lurk in the Shadow of Popularity

Chrome has 2.65 billion active users. That’s a lot of people… and a lot of potential victims.

Chrome is one of the most popular browsers in the world. Still, there are bugs in software. Attackers know that and target it. Keeping Chrome up to date is critical.

One common bad habit is leaving Chrome open for too long and pushing off any update messages. When Chrome updates are loaded with zero-day fixes, you don’t want to be putting off those notifications.

“What Happens When I Click a Weird Link in My Browser?”

Going back to your rogue Chrome Update message… 

Attacks like this happen when legitimate websites are compromised so that they serve up fake Google Chrome update error messages.

Don’t click on the link. If someone clicks on the link, malware is distributed.

The infection enters through a Zip file that executes a cryptojacker, draining power, degrading performance, and compromising credentials and Protected Health Information (PHI).

Whether these links come to you via email or directly in your web browser… we advise thinking twice before clicking on any unusual links.

What Does Structured Patch Management Look Like?

How well do you know your patch management process?

So many healthcare establishments get hacked or held for ransom because:

  • They’re clinging to manual processes.
  • It’s hard to keep up with the number of patches for Chrome and other software.
  • No support for third-party software.
  • On-premises patch management tools fail.
  • No one really knows the true patch management process from A-Z.
  • No complete visibility into all devices, including the devices running Chrome.

These are only some of the reasons why IT healthcare teams choose to deploy Syxsense Enterprise.

Now they let Syxsense automatically scan for and detect Chrome misconfigurations. After a speedy three-hour timeframe from issuance, all new patches are thoroughly tested and prepared for deployment.

With live Patch Tuesday updates, Syxsense users gain exclusive access to the latest need-to-know patches.

Ready to experience powerful endpoint and patch management with vulnerability scanning and remediation, all from a single agent? Schedule a demo today.

400 Security Professionals Report What Vulnerability Management Program Features They Needed Most

By Blog, Cybersecurity, Vulnerability Management

What are organizations doing right now to fill their vulnerability management gaps?

Experts carefully weigh technology, automation, compliance, and procedures to gain full visibility across their IT environment. It’s an ongoing lifecycle that takes time and collaboration to figure out. Vulnerability management (VM) can’t exist on an island. It’s time to stop thinking of VM as a siloed, isolated practice.

The State of Vulnerability Management Report surveyed 421 cybersecurity professionals who shared the facts and statistics behind what works for building a mature VM program. 

Tech execs, managers, and IT security practitioners answered top questions about VM that will give you a real-world look at how they’re assessing risk. 

What preventive measures are organizations turning to? How can you try them, too?

Before you dive into the report, here’s a shorter breakdown of how to weave VM into your existing processes so that it doesn’t feel like you’re adding more work.

What’s Inside Your Vulnerability Management Program?

Only 19% of organizations have achieved a high level of maturity in their VM program. Plenty of opportunities to do better, especially considering every organization spotted vulnerabilities.

26% of organizations spotted over 100 vulnerabilities per month. That’s a high level of risk.

If you’re not performing regular scans, how can you know what needs remediation? And before you even start scanning, you need an evolving and active inventory of your current assets. 

When planning a strong VM program, you need to pinpoint vulnerabilities, assess their risk level, and establish escalation triggers.

Respondents emphasized the need for full visibility, mainly in:

  • Endpoints/desktops/laptops
  • Servers
  • Mobile and IoT devices

Along with the ability to keep track of them whether they’re at home, roaming, on the network, or in the cloud. 

Here’s where automation lightens the workload with scanning and remediation.

Your Patch Deployment Speed Matters

Are you patching:

  1. On the same day
  2. After a week
  3. On a monthly basis
  4. Longer?

Depending on your answer, you might expose yourself to vulnerabilities for too long.

If you’re taking over a week to patch, like 47% of respondents, you’re susceptible. Inaction is dangerous. Vulnerabilities love delayed patching.

Small but mighty teams say automated patch management drastically cuts patch deployment time and effort. They don’t have to sacrifice productivity to patch research, either.

When it comes to deployment, teams need convenience. Scheduling reboots and updates during off-hours makes deployment more straightforward and puts you in control. It also saves someone from being breached due to outdated software.

Eight Real-World Practices to Use for Your Vulnerability Management Program

As vulnerabilities increase, so does the need for continuous monitoring, effective patch management, VM, risk assessment, detailed reporting, proof of compliance, and 100% visibility. 

Survey participants highlighted the VM features that were the most important to building their program. We’ve broken down their approaches into eight practices that have worked for other organizations. These are the best practices used by skilled teams, and they’re the same steps you can use to start your program.

These eight practices lead to full visibility and realistic workload expectations for smaller teams who want to automate responsibly. 

2023’s Vulnerability Report breaks down the foundational steps to help you evaluate an already existing VM program or start one from scratch. It’s all the facts necessary to explain to your team and other departments why those recommended updates are the reason the business is staying protected.

Download a complimentary copy of your report today.

In the News: Syxsense Unveils Novel Unified Endpoint Management Strategy

By Blog, News
Published originally on June 27, 2023 on TechRepublic.

Syxsense recently unveiled its all-encompassing suite – Syxsense Enterprise, which comes with patch and vulnerability management, MDM, zero trust, automation and orchestration capabilities, and remediation.

Diane Rogers, chief product officer at Syxsense, spoke about the company’s roadmap at the recent Syxsense Synergy event.

Read the full recap on TechRepublic.

How IT and Security Management Is Protecting Healthcare Data

By Blog, Cybersecurity, Healthcare Industry

“Hello! We have 2 million records and we’ll publish them if they don’t pay. Each time, we’ll post more and more records at once.”

This was the message left behind by ransomware group Money Message after stealing 5.8 million PharMerica patients’ data.

It’s hard to believe we’re still dealing with people who think it’s okay to steal protected health information (PHI) and then demand a ransom in exchange for its return. Messages like that aren’t unusual for ransomware groups. They’re meant to be infuriating, and very much on purpose.

Protected Health Information (PHI) is a precious commodity for them, and unfortunately, a tool for extortion. 

In the world of cyberattacks, there’s no such thing as a “one size fits all” solution.

Data Breach Hits Pharmacy Services in 50 States

50 states.

3,100 medical facilities.

4.7 TB of data exposed.

5,815,591 patients.

The attacks in the early half of 2023 have looked like:

  • 50,000 patients impacted at Rise Interactive Media & Analytics.
  • 11,000 patient records were spotted after Arizona Health Advantage employees couldn’t access some company servers.
  • Wentworth Health Partners Garrison Women’s Health (GWH) had a network outage that affected the IT infrastructure, applications, and electronic medical records.

While these are just a few of the attacks that have been reported, they represent a larger problem for an industry that is already struggling to maintain security standards.

As for GWH’s network outage—information was made inaccessible. And there were no backups available. While IT eventually restored radiology and ultrasound data and applications, as well as some electronic medical records, about nine months of medical records were lost in the attack due to file corruption.

What Kinds of Attacks Cause Outages and Hold PHI Hostage?

These attacks can be carried out in a variety of ways, but the most common types fall into three categories:

Malware — Malicious software designed to infiltrate and damage systems.

Phishing — Sending emails that appear to be from legitimate sources but are actually designed to trick recipients into providing their login credentials, bank account information, or credit card numbers.

Ransomware — A type of malware that encrypts files on your computer and holds them hostage unless you pay a ransom fee.

They can range from minor inconveniences to major disruptions that can cost millions.

Threat actors accessed and posted names, addresses, emails, birth dates, Social Security numbers, health insurance, diagnoses, and other private information.

But you can protect yourself by considering the foundational steps below.

What Actionable Steps Can I Take to Secure Healthcare Systems?

Now you know about the loss of patient records, how threat actors get inside, and how they disrupt day-to-day operations. But are you doing anything to protect yourself?

If you want to protect healthcare systems and records from cyberattacks, check out these five foundational security steps:

  1. Firewalls: There are a bunch of next-gen firewalls out there that work great for healthcare. Not only do they protect the perimeter, but they also give alerts, suggest ways to remediate, keep wireless networks safe, and are easy to manage.
  2. Cloud Backup: Secure backups are a must in your cybersecurity strategy. There are plenty of cloud-based tools to choose from that protect you from data loss, ransomware attacks, human bloopers, and hardware failures.
  3. Extended Detection and Response: Extended Detection and Response (XDR) is the next evolution of endpoint detection and response (EDR). It detects threats on endpoints, networks, and users. Triggers are built to automate threat identification and investigation.
  4. Security Awareness Training: Security awareness training solutions for healthcare personnel go beyond traditional methods. They incorporate simulated phishing attacks to assess susceptibility to phishing, provide training to identify various attack vectors, and even offer tools to promptly thwart phishing attempts.
  5. Unified Security and Endpoint Management (USEM): One console that has real-time endpoint, patch, vulnerability, and configuration management. Syxsense Enterprise is the ultimate USEM solution for healthcare, because it includes a powerful drag-and-drop workflow builder (Syxsense Cortex) that makes building complex workflows and remediation processes easier than ever before. Syxsense is proactive and gives you 24/7 control over what happens and where, for teams needing consistent, accurate, and quick results.

Trust is the cornerstone of any strong relationship, including the one you have with your patients’ data. It’s a symphony of security that protects them. Find out more about how Syxsense can help you by scheduling a demo today.

The Evolution of Patch Management in Enterprise Security

By Blog, Cybersecurity, Patch Management

You’ve got a new patch.

But do I have to apply it? Can I wait until next week? (Or the next?) Is it that serious?

How critical your patch is may vary. It might be the update that stops hackers from exploiting a vulnerability for full control.

If you’re not sure what patching is: when a software vendor discovers vulnerabilities in their product, they release a patch to fix those issues. They identify security holes in software and update them with a new version that closes those holes. 

Patches can be applied on your laptop, desktop, cell phone, or video game system.

The best way to protect your network is to stay current with patches.

Patching is just one way to mitigate known vulnerabilities and thwart potential network breaches, but it’s one of the most effective.

The way patches are applied and managed in the enterprise has evolved, but some misconceptions persist, such as:

  • “Patching is complicated and time-consuming.”
  • “If it’s not broken, no need to fix it.”
  • “This needs deep technical knowledge.”
  • “We can’t handle the downtime… so maybe next month… or next quarter.”

What was once slow, administrative, and even annoying, is now automated, easier, and handled for you.

The Smart Way to Inventory and Monitor a Fleet of Devices

You can’t patch unless you know what device you have.

And you can see how out of control that gets when you have hundreds or thousands of devices. 

Which ones need to be patched to keep them safe?

If you’re managing a fleet of devices, you don’t have time to waste on manually identifying and patching them.

Teams are using solutions that let them see everything in one place, and quickly find which devices are out of date or vulnerable. Because critical security patches are speeding beyond monthly patch timetables, teams are relying on continuous monitoring more than ever.

Once teams know what devices are being used, they can automatically deploy patches to each device—no matter where they are.

Implementing a patch management strategy is not a one-time process. Vulnerabilities don’t run on a schedule. And they most certainly don’t run on yours. Without a systematic approach to patch management, your most important updates may not be applied on time.

Before You Deploy a New Patch Release…

Your new patch is available for deployment. 

But first, it’s time to test the new patch in a controlled environment, preferably a carbon copy of where it’s set to go live. 

Are there any problems with the patch that could disturb how the system works? 

After testing and approval, the patch can be deployed to all relevant systems.

We can’t pretend to know what kind of vulnerability you’re facing, but it’s safe to say that it’s not one you want to ignore. Not all patches require your immediate attention, but some do.

Some patches address critical vulnerabilities with immediate risks, while others fix less severe issues. Prioritizing patches by vulnerability severity lets you take on the major threats first.

A vulnerability scanner assesses software for weaknesses that an attacker could breach. Running a scan helps you prioritize what needs to be patched first, usually based on your organization’s risk management plan and how critical each system’s function is.
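A worked illustration of that prioritization, added here and not Syxsense code: the rows of the Patch Tuesday table near the top of this page are scored by CVSS, the Exploitability Index wording, and an assumed per-product asset criticality, then mapped onto the same-day, within-a-week, and monthly windows from “Your Patch Deployment Speed Matters”. The criticality values, weights, and thresholds are assumptions standing in for an organization’s own risk management plan.

```python
"""Risk-based patch prioritisation over Patch Tuesday style advisory rows.

Added example (not Syxsense code). Findings are constructed from the CVE
table on this page; asset criticality, weights and thresholds are assumed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Finding:
    cve: str
    product: str
    severity: str
    cvss: Optional[float]      # None when the advisory carries no score
    exploitability: str        # Microsoft Exploitability Index wording


# Constructed from the table rows on this page (not output of a live scan).
FINDINGS = [
    Finding("CVE-2023-36777", "Microsoft Exchange Server", "Important", 5.7, "Exploitation More Likely"),
    Finding("CVE-2023-36803", "Windows Kernel", "Important", 5.5, "Exploitation Less Likely"),
    Finding("CVE-2023-38140", "Windows Kernel", "Important", 5.5, "Exploitation Less Likely"),
    Finding("CVE-2023-38160", "Windows TCP/IP", "Important", 5.5, "Exploitation More Likely"),
    Finding("CVE-2023-36801", "DHCP Server Service", "Important", 5.3, "Exploitation Less Likely"),
    Finding("CVE-2023-38152", "DHCP Server Service", "Important", 5.3, "Exploitation More Likely"),
    Finding("CVE-2023-36736", "Microsoft Identity Linux Broker", "Important", 4.4, "Exploitation Less Likely"),
    Finding("CVE-2023-36767", "Microsoft Office", "Important", 4.3, "Exploitation Less Likely"),
    Finding("CVE-2023-41764", "Microsoft Office", "Moderate", None, "Exploitation Less Likely"),
]

# Assumed: business criticality (1-5) per product, from a hypothetical risk plan.
ASSET_CRITICALITY = {
    "Microsoft Exchange Server": 5,
    "DHCP Server Service": 4,
    "Windows Kernel": 3,
    "Windows TCP/IP": 3,
    "Microsoft Office": 2,
    "Microsoft Identity Linux Broker": 2,
}

# Assumed: base score used when an advisory lists a severity but no CVSS number.
SEVERITY_FALLBACK = {"Critical": 9.0, "Important": 7.0, "Moderate": 4.0, "Low": 2.0}

# Assumed: multiplier per Exploitability Index wording.
EXPLOIT_WEIGHT = {
    "Exploitation Detected": 2.0,
    "Exploitation More Likely": 1.5,
    "Exploitation Less Likely": 1.0,
    "Exploitation Unlikely": 0.5,
}


def risk_score(f: Finding) -> float:
    """base severity x exploit likelihood x asset criticality, rounded to 2 dp."""
    base = f.cvss if f.cvss is not None else SEVERITY_FALLBACK.get(f.severity, 5.0)
    weight = EXPLOIT_WEIGHT.get(f.exploitability, 1.0)
    crit = ASSET_CRITICALITY.get(f.product, 3)   # unknown product: middle of the range
    return round(base * weight * crit, 2)


def patch_window(score: float) -> str:
    """Map a score onto the deployment windows discussed on this page (assumed cut-offs)."""
    if score >= 30:
        return "same day"
    if score >= 15:
        return "within a week"
    return "next monthly maintenance window"


def prioritise(findings: List[Finding]) -> List[Tuple[str, float, str]]:
    """Return (cve, score, window) tuples, highest risk first, ties broken by CVE id."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f), f.cve))
    return [(f.cve, risk_score(f), patch_window(risk_score(f))) for f in ranked]


if __name__ == "__main__":
    for cve, score, window in prioritise(FINDINGS):
        print(f"{cve}  score={score:>6}  {window}")
```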

Patching Yesterday vs Today: Which Is Really Better?

What is broken doesn’t have to take long to fix.

And what isn’t broken can still be looked after without devoting any overtime.

No more feeling like you’re stuck in the past when:

  • You don’t have to guess what needs to be patched. 
  • Downtime doesn’t have to drag into weeks or months because you put off the next update. 
  • You take the proactive approach that saves you time and resources.

There are only so many hours in the day. Teams of all sizes and expertise automate their patching process to free up time to focus on more challenging parts of the job. In security, there’s always a different problem tomorrow. Scheduling patching (or service management and software installs) shouldn’t be one of them.
