Syxsense Shines at the Stevies’ 2022 American Business Awards


Syxsense has been honored at the Stevies’ 2022 American Business Awards across two categories.

Syxsense Honored at Stevies’ Awards

We’re excited to announce that Syxsense has been honored at the Stevies’ 2022 American Business Awards across two categories, highlighting our unique approach to unified endpoint security and IT management. This prestigious awards program recognizes the achievements and positive contributions of organizations and working professionals worldwide.

Syxsense Secure placed Silver in the Best Endpoint Security Management Solution category, with one judge calling it a “user-friendly solution to IT security management.” Another lauded Secure for its “promising customer reviews and performance metrics.”

Additionally, the Bronze for Best Emerging Technology went to Syxsense Cortex. Several judges praised Cortex, calling it one of the “better products they’d seen,” and shone a spotlight on its various features:

“The videos were beneficial to get a sense of the product. The product reviews are amazing… The workflow building and drag-and-drop UI helps differentiate the solution and move from IT administration to the emerging trend of IT orchestration.”

More than 3,700 nominations from organizations of all sizes and in virtually every industry were submitted this year for consideration in a wide range of categories. Over 230 professionals worldwide participated in the judging process to select this year’s winners.

More details about the Stevies’ American Business Awards and the complete list of 2022 winners can be found here.


Top Linux Vulnerabilities for April 2022


Explore the top Linux vulnerabilities for April 2022 and find out the best solution for managing these threats.

1. CVE-2022-0435

Severity: Critical | CVSS Score: 9.0

A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this flaw can be exposed over any network, with low attack complexity, and with low privilege requirements.

2. CVE-2022-0492

Severity: Important | CVSS Score: 7.8

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity and low privileges. It does require local access to the system (not just network reachability) to exploit, which lowers the overall associated risk.

3. CVE-2022-28893

Severity: Important | CVSS Score: 7.2

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity, with low privileges, no user interaction, but does require local access to the system.

4. CVE-2022-0998

Severity: Important | CVSS Score: 7.2

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity, low privileges, no user interaction, but does require local access to the system.

5. CVE-2022-0995

Severity: Important | CVSS Score: 6.6

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

The highest threat from this vulnerability is to confidentiality and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity, low privileges, no user interaction, but does require local access to the system.

President Warns of Russian Cyberattacks and Demands Greater Cybersecurity Preparedness


President Biden issued a warning this week about the likelihood of attacks on U.S. government and corporate targets emanating from Russia.

Russian Cyberattacks on the Rise

President Biden issued a warning this week about the likelihood of attacks on U.S. government and corporate targets emanating from Russia.

“This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience. I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks,” he said.

Earlier announcements had mainly been about bolstering the cybersecurity profile of governmental agencies. However, this message took a different tone. It focused on the need for private organizations to increase their level of alertness and cybersecurity preparedness.

“But the Federal Government can’t defend against this threat alone,” said the President. “Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors. If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year.”

CISA Issues Urgent Cybersecurity Alert

Just before this announcement, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a Shields Up alert that included mitigation guidance for any organization suffering an attack, as well as laying out the best practices noted by the President.

Such best practices include keeping patches up to date and scanning network and devices regularly for any signs of malicious or anomalous behavior.

As CISA said among its key guidelines:

  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.

Unfortunately, too many businesses either neglect these functions or let them fall behind. In a great many breaches, attackers take advantage of known vulnerabilities that organizations have failed to patch. In many other attacks, the signs of incursion are not difficult to spot. Yet absent or inadequate scanning fails to uncover them.

No one wants to experience a cyberattack. That is why it is so important to scan constantly for vulnerabilities and keep patches up to date. Syxsense is the only product that combines automated patching, vulnerability scanning, and IT management.


Syxsense Changes Game with Introduction of New Mobile Device Management Solution


Syxsense's MDM solution broadens the reach of IT managers to mobile devices running iOS, iPadOS, and Android.

Mobile Device Management Added to Syxsense

ALISO VIEJO, Calif., March 29, 2022 /PRNewswire/ –– Syxsense, a global leader in IT and security management solutions, announced today the availability of their solution for Mobile Device Management (MDM).

Available immediately, the MDM solution from Syxsense is the first solution on the market that broadens the reach of IT managers to now include mobile devices running iOS, iPadOS, and Android, in addition to previously supported Windows, Linux and Mac environments.

The ongoing trend of remote and hybrid work models has increased the criticality of bringing mobile devices under the umbrella of IT-managed security, both company-issued and BYOD (bring your own device). MDM is now recognized by analyst firm Gartner as a key requirement of an effective Unified Endpoint Management (UEM) strategy, which has seen a surge in investment recently. Gartner writes “UEM investment has grown in response to the greater acceptance of remote working and the requirement to manage, patch and support Windows 10 and macOS PCs as well as mobile devices, regardless of location.”

Syxsense’s MDM offering includes all the tools necessary to apply effective management to mobile endpoints, including Device Enrollment, Inventory and Configuration Management, Application Deployment and Rollback, Data Containerization, and Remote Device Lock/Reset/Wipe, making it possible for IT to wipe sensitive data from lost or stolen devices.

“The Syxsense approach of unifying management of all IT devices into a single console that spans device management, device security and vulnerability remediation, has resonated with our customers, and is the catalyst for our recent explosive growth,” explains Ashley Leonard, founder and CEO of Syxsense. “This industry-first ability to now manage mobile devices within the same platform and methodology as other IT assets has been hugely popular with our early adopters.”

Syxsense Mobile Device Management is available as an add-on module to Syxsense Secure, which already includes management and security tools for servers, desktops, laptops, and virtual machines. It will also be included in an upcoming release of a bundled offering targeted at enterprise customers who wish to manage the broad scope of their IT devices from within a single console.

Other Included Features

Syxsense has also released updates to their existing offerings to provide integration with Active Directory (AD), allowing IT managers to manage on-premises AD devices from the cloud. Syxsense discovers devices as they are added to OUs (organizational units) and automatically applies the appropriate policies.

This union of Syxsense Cortex™ and AD enables cradle-to-grave lifecycle management based on OU membership, rather than manually applying tasks to new devices, and is a huge time saver for the IT team.

Newly updated Syxsense Manage is now also the first patch management product on the market that offers active Patch Tuesday scheduling for phased deployments. The recurring windows are set relative to the moving target of the second Tuesday, making it easy to deploy new content automatically. Missing a deployment of Microsoft’s recommended patches is a major factor in unprotected or under-protected environments and leaves the door open for attack.
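Pinning deployment windows to a date that moves every month is a small calendar problem worth getting right. The Python functions below are an added example, not Syxsense code: they compute Patch Tuesday (the second Tuesday of a month) and derive phased-deployment dates from it, including the roll-over into a new year. The ring names and day offsets are hypothetical.

```python
from datetime import date, timedelta


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month (Microsoft's regular release day)."""
    first = date(year, month, 1)
    # weekday(): Monday=0 ... Tuesday=1. Days from the 1st to the first Tuesday.
    first_tuesday = first + timedelta(days=(1 - first.weekday()) % 7)
    return first_tuesday + timedelta(days=7)


# Hypothetical deployment rings (assumed, not the page's configuration):
# days after Patch Tuesday at which each ring receives the month's updates.
DEFAULT_RINGS = {"pilot": 1, "early_adopters": 3, "broad": 7, "servers": 14}


def phased_windows(year: int, month: int, rings=DEFAULT_RINGS) -> dict:
    """Deployment dates for one month's cycle, each pinned to that month's Patch Tuesday."""
    anchor = patch_tuesday(year, month)
    return {ring: anchor + timedelta(days=offset) for ring, offset in rings.items()}


def next_cycles(year: int, month: int, count: int) -> list:
    """Patch Tuesdays for `count` consecutive months, starting with the given month."""
    out = []
    for _ in range(count):
        out.append(patch_tuesday(year, month))
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)
    return out


if __name__ == "__main__":
    for ring, day in phased_windows(2022, 3).items():
        print(f"{ring:>15}: {day.isoformat()}")
    print([d.isoformat() for d in next_cycles(2022, 11, 3)])
```

Because every window is derived from the anchor rather than stored as a fixed day of the month, a late Patch Tuesday (the 14th) pushes the rings out by the same amount, and the servers ring can legitimately land in the following month.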

Syxsense products support iOS, iPadOS, Android, Windows Servers, Windows Desktop, macOS devices, and a variety of Linux distributions, now also including the enterprise-friendly Rocky Linux.

Information and pricing on these new Syxsense products is available on the Syxsense website. Qualified customers are also able to schedule a personalized demo of the existing products and the new MDM module, and receive a $100 gift card in return, by registering here.


Linux Vulnerabilities of the Week: March 7, 2022


See this week's top Linux issues and keep your IT environment protected from the latest March 2022 Linux vulnerabilities.

1. Failure to properly escape SQL input in Cyrus SASL affecting Red Hat Enterprise Linux 6

Severity: Critical | CVSS Score: 9.1

This is a flaw in the SQL plugin shipped with Cyrus SASL 2.1.17 through 2.1.27 (fixed in 2.1.28). Because SQL input is not properly escaped, a remote attacker can execute arbitrary SQL commands, which can lead to escalation of privileges.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk: although exploitation requires high privileges, it can be reached over any network, with low complexity and without user interaction, and its changed scope means a successful attack affects resources beyond the vulnerable component itself.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2022-24407

2. Out-of-bounds heap read/write vulnerability in Samba

Severity: Important | CVSS Score: 8.8

Samba versions before 4.13.17, 4.14.12, and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. Due to a boundary error when processing EA metadata while opening files in smbd within the vfs_fruit VFS module, a remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44142

3. Double-free of the virtual attribute context in persistent search in 389-ds-base affecting Red Hat Enterprise Linux 8

Severity: Important | CVSS Score: 7.5

This is a double-free in the way 389-ds-base handles the virtual attribute context in persistent searches. An attacker could send a series of search requests that force the server to behave unexpectedly and crash.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4091

4. Special character breaks path in XML parsing in PHP

Severity: Medium | CVSS Score: 5.3

This is a flaw in PHP. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity. A special character could allow an attacker to traverse directories.

The highest threat from this vulnerability is to confidentiality and integrity.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-21707

5. RPM’s signature vulnerability

Severity: Low | CVSS Score: 4.4

There is a flaw in RPM’s signature functionality. OpenPGP subkeys are associated with a primary key via a “binding signature.” RPM does not check the binding signature of subkeys before importing them. If an attacker can add, or socially engineer another party to add, a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature.

The highest threat from this vulnerability is to data integrity.

Syxscore Risk Alert

This vulnerability has a low risk: exploitation requires local access to the system, a complex attack and user interaction, although only low privileges are needed.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3521


2022 Endpoint Protection Guide


As today's threat landscape becomes more unpredictable than ever, how do you mitigate risk? See the top strategies for protecting your endpoints in 2022.

Read the 2022 Endpoint Protection Guide

Today’s threat landscape is more unpredictable than ever in the wake of the COVID-19 pandemic and the ensuing “Work From Home” and hybrid work models, leaving organizations vulnerable to an increasing number of cyberattacks. See the top ways to protect your endpoints and mitigate risk in 2022.

Download the 2022 Endpoint Protection Guide


Linux Vulnerabilities of the Week: February 14, 2022


See this week's top Linux issues and keep your IT environment protected from the latest February 2022 Linux vulnerabilities.

1. Integer overflow in function XML_GetBuffer in Expat (<2.4.4) affecting Red Hat Enterprise Linux 7 and 8

Severity: Critical | CVSS Score: 9.8

Expat (libexpat) before 2.4.4 has a signed integer overflow in the XML_GetBuffer function for configurations with a nonzero XML_CONTEXT_BYTES. A crafted document can make the parsing process terminate unexpectedly.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-23852

2. JMSAppender in Log4j 1.2 flaw

Severity: Important | CVSS Score: 7.5

JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. A remote attacker can execute code on the server if the deployed application is configured to use JMSAppender (which is not the default) and the attacker has write access to the Log4j configuration, or the configuration references an LDAP service the attacker controls.

Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk: although exploitation requires a complex attack, it can be exposed over any network, with low privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4104

3. ASP.NET Core Kestrel HTTP headers flaw

Severity: Important | CVSS Score: 7.5

This is a flaw in .NET’s ASP.NET Core Kestrel server when pooling HTTP/2 and HTTP/3 headers. This vulnerability allows a remote, unauthenticated attacker to cause a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-21986

4. Refcount leak in pep_sock_accept() in net/phonet/pep.c in the Linux kernel through 5.15.8

Severity: Medium | CVSS Score: 5.5

This is a memory leak flaw in the Linux kernel’s PhoNet (Phone Network protocol) functionality. A local user could use this flaw to exhaust kernel memory, causing a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk: although it requires local access to the system to be exploited, the attack has low complexity and needs only low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-45095

5. A null pointer dereference in bond_ipsec_add_sa() in the Linux Kernel affecting Red Hat Enterprise Linux 8

Severity: Medium | CVSS Score: 5.5

This is a null pointer dereference in the Linux kernel’s bonding driver in the way a user bonds a non-existing or fake device. This vulnerability allows a local user to crash the system, causing a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk: although it requires local access to the system to be exploited, the attack has low complexity and needs only low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-0286


Linux Vulnerabilities of the Week: February 08, 2022


See this week's top Linux issues and keep your IT environment protected from the latest February 2022 Linux vulnerabilities.

1. SQL injection in Log4j 1.x when the application is configured to use JDBCAppender

Severity: Critical | CVSS Score: 9.8

This is a flaw in the Java logging library Apache Log4j 1.x. When an application is configured to use JDBCAppender, the SQL statement is built by substituting converter values such as the log message (%m) into a template as text, which leaves it open to SQL injection. A remote attacker can run unintended SQL statements in the database by getting crafted strings into fields or headers that the application logs.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-23305
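Item 1 above and the Cyrus SASL SQL plugin item in the March 7 post share a root cause: attacker-influenced text is spliced into an SQL statement as literal text instead of being bound as a parameter. The Python script below is an added example, not Log4j or Cyrus SASL code. It simulates a JDBCAppender-style template against an in-memory SQLite database (the table names, template shape, payload and sample data are constructed for the demo) and sets the injectable substitution beside the parameterised form that Log4j 2’s JDBC appender uses via PreparedStatement.

```python
import sqlite3

# Log4j 1.x JDBCAppender style: converter tokens (%p level, %c logger, %m message)
# are substituted into the configured SQL as text. Template shape is assumed.
SQL_TEMPLATE = "INSERT INTO logs (level, logger, message) VALUES ('%p', '%c', '%m')"


def fresh_db() -> sqlite3.Connection:
    """In-memory database with a log table and a table the attacker wants to read."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE logs (level TEXT, logger TEXT, message TEXT);
        CREATE TABLE users (name TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 's3cret-hash');  -- constructed sample data
    """)
    return conn


def log_vulnerable(conn, level: str, logger: str, message: str) -> str:
    """Build the statement by string substitution; the message is parsed as SQL."""
    sql = SQL_TEMPLATE.replace("%p", level).replace("%c", logger).replace("%m", message)
    conn.execute(sql)
    conn.commit()
    return sql


def log_hardened(conn, level: str, logger: str, message: str) -> None:
    """Parameterised insert: the message is bound as data and can never alter the query."""
    conn.execute(
        "INSERT INTO logs (level, logger, message) VALUES (?, ?, ?)",
        (level, logger, message),
    )
    conn.commit()


def stored_messages(conn) -> list:
    return [row[0] for row in conn.execute("SELECT message FROM logs")]


# Attacker-controlled text that reaches a log line, e.g. a submitted username (constructed).
# Inside the spliced statement it closes the literal and concatenates a subquery result.
PAYLOAD = "login failed for ' || (SELECT password FROM users WHERE name='admin') || '"


def demo_vulnerable() -> list:
    """The admin password hash ends up in the log table the attacker may be able to read."""
    conn = fresh_db()
    log_vulnerable(conn, "WARN", "auth", PAYLOAD)
    return stored_messages(conn)


def demo_hardened() -> list:
    """Same payload, bound as a parameter: stored verbatim, subquery never runs."""
    conn = fresh_db()
    log_hardened(conn, "WARN", "auth", PAYLOAD)
    return stored_messages(conn)


def vulnerable_breaks_on_quote() -> bool:
    """Even a benign apostrophe breaks the spliced statement, a classic tell of this bug."""
    conn = fresh_db()
    try:
        log_vulnerable(conn, "INFO", "auth", "user O'Brien logged in")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    print("vulnerable:", demo_vulnerable())
    print("hardened:  ", demo_hardened())
    print("quote breaks vulnerable path:", vulnerable_breaks_on_quote())
```

The injected subquery runs with the database privileges of the logging connection, which in practice are often broad write privileges on the schema; that, plus the fact that log sinks are frequently readable by more people than the source database, is why a logging SQL injection rates as high as it does here.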

2. A heap-based buffer overflow vulnerability in AIDE (<0.17.4) affecting Red Hat Enterprise Linux 6, 7 and 8

Severity: Important | CVSS Score: 7.8

AIDE allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), crash the program, and possibly execute arbitrary code, because of a heap-based buffer overflow.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk: although it requires local access to the system to be exploited, the attack has low complexity and needs only low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-45417


3. An uncontrolled resource consumption flaw in Go (< 1.16.12)

Severity: Important | CVSS Score: 7.5

This is a flaw in Golang’s net/http library in the canonicalHeader() function. It allows an attacker who submits specially crafted requests to applications linked with net/http’s http2 functionality to cause excessive resource consumption that could lead to a denial of service or otherwise impact system performance and resources.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44716

4. Libreswan (4.2 through 4.5) flaw

Severity: Important | CVSS Score: 7.5

This is a flaw in Libreswan that remote attackers could exploit to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-23094

5. Incorrect IdentityHashMap size checks during deserialization in OpenJDK

Severity: Medium | CVSS Score: 5.3

This is an easily exploitable flaw in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition that allows an unauthenticated attacker with network access via multiple protocols to compromise the product. Successful attacks can result in an unauthorized ability to cause a partial denial of service (partial DoS) of Oracle Java SE or Oracle GraalVM Enterprise Edition.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-21294


Critical Bug Can Be Exploited to Gain Windows SYSTEM Privileges


McAfee has patched two severe vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges.

New Critical Vulnerability

McAfee has patched two high-severity vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges, including up to SYSTEM.

According to McAfee’s bulletin, the bugs are in versions prior to 5.7.5 of McAfee Agent, which is used in McAfee Endpoint Security, among other McAfee products.

The Agent is the piece of McAfee ePolicy Orchestrator (McAfee ePO) that downloads and enforces policies and executes client-side tasks such as deployment and updating.

The McAfee Agent is also the component that uploads events and provides additional data regarding each system’s status. Periodically collecting and sending event information to the McAfee ePO server, the Agent – which also installs and updates endpoint products – is a required install on any network system that needs to be managed.

How Syxsense Can Help

Syxsense has automated the entire process of patch management.

  • It automates testing of patches yet gets them deployed within three hours of receipt.
  • It automates patch deployment so the right patches make it to every endpoint.
  • It automates patch rollback in case of any issues or incompatibilities.
  • It automates the prioritization and sequencing of patches so those that represent the biggest threat are sent out first.

Syxsense also automates vulnerability scanning so that scans are done regularly to determine potential issues such as missing patches, open ports, and other vulnerabilities.