May Patch Tuesday: Major Windows 10 Updates

Logitech IoT Harmony Hub Fixes Several Security Flaws Harmony Hub-based products, which include Harmony Elite, Home Hub, Ultimate Hub, Home Control, Pro, Smart Control, Smart Keyboard, Ultimate Home, and Harmony Hub are potentially vulnerable to four types of vulnerabilities that can be combined to gain root access to a device via SSH. Harmony Hub is…

Windows Containers Opened: Microsoft Issues Emergency Patch

Microsoft Releases Critical Update In something of an unusual move, Microsoft has released a critical update before Patch Tuesday. This patch addresses a vulnerability within the Windows Host Compute Service Shim (hcsshim) library. Thanks to work by Swiss security researcher Michael Hanselmann, the flaw was identified and an update has been released. According to the…

Oracle Doesn’t Predict WebLogic Flaw

Oracle WebLogic Flaw Opens Door to Hackers In early April, Oracle released updates for a vulnerability within WebLogic Server. At the time, it seemed like that was that, but now a tech researcher claiming to be part of Alibaba’s security team has found a work around. There are also indications that hackers are seeking to…

Spectre Still Haunts Microsoft and Intel

Living in the Shadow of Spectre After fumbling their first attempt at patching the Spectre vulnerability, Microsoft has released Security Update 4078407. According to their security advisory, “applying this update will enable the Spectre Variant 2 mitigation CVE-2017-5715 – “Branch target injection vulnerability.” Microsoft has released several stages of updates in an attempt to deal…

Third-Party Patch Update: April 2018

Cisco Patches Vulnerability in WebEx Cisco has just released a CVSS 9 rated update for its WebEx software. In their own words, the unpatched vulnerability “could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.” The malicious party would share a Flash file via WebEx’s sharing capabilities to gain control of…

Ocean’s IoT: Casino Hacked Through Fish Tank

Casino Infiltrated through Internet-Connected Fish Tank Thermometer Picture this: Jazzy music underscores George Clooney’s Danny Ocean pulling off another daring heist. He’s gathered his crew and it’s go time. Their entry point? A fish tank in the lobby. Okay, maybe that’s not the best physical access point, but it is how hackers stole data from…

Could Your IoT Devices be Hacked with a Google Search?

Most Companies Are Unprepared for the IoT Researchers at Ben-Gurion University warn that hackers have an unexpected resource in exploiting your environment: a Google search. IoT device manufactures set a default password for their devices, sometimes even sharing passwords between brands. “It only took 30 minutes to find passwords for most of the devices [used…

April Patch Tuesday: Don’t Get Burned Twice

Manage Your Vulnerabilities As we explored in our Total Meltdown article, some updates actually made Windows 7 less secure in the last round of Microsoft Patch Tuesday. Even worse, some caused significant performance issues on older hardware models. Many industry experts are recommending you disable Windows updates, or delay any other form of patch management…

WSUS Forces Upgrades

Strike Three for WSUS

Microsoft Ignores Deferral Settings, Forces Win10 Updates For the third time in the last few months, Microsoft pushed updates to Win10 machines that had deferral preferences set. Windows 10 versions 1507, 1511, 1607, and 1703 have been affected and pushed to 1709, whether a user wanted it or not. Microsoft’s response to this invasive error?…

Syxsense Achieves High Marks from Users

Users Love Ease of Use, Powerful Features and Reliable Support G2 Crowd recently released their Spring 2018 Reports. Syxsense was included in four unique lists, highlighting ease of product use and customer satisfaction: Grid® Report for Enterprise IT Management Suites, Usability Index for Enterprise IT Management Suites, Implementation Index for Enterprise IT Management Suites, and…