Skip to main content
Tag

information technology

||

The ‘Foreshadow’ of More Intel Issues

By NewsNo Comments

Foreshadow Flaw Found in Intel CPUs

For the more than a billion computers that depend on Intel CPUs, the flaws just keep coming. Thanks to work by researchers from KU Leuven University in Belgium, along with the universities of Adelaide and Michigan, Intel has been made aware of yet another major weakness in their processor chip sets.

Since the first flaws announced earlier this year lead to the Spectre and Meltdown attacks, this new exploit has been named ‘Foreshadow’. Intel has published a list of the affected products, which you can find below this article.

According to the cyber security arm of the US government, “an attacker could exploit this vulnerability to obtain sensitive information”. However, Intel has stated that “We are not aware of reports that any of these methods have been used in real-world exploits.” They have also pledged to ensure future processors would be built in ways to prevent vulnerability to Foreshadow.

Intel has released three CVEs to address this new issue: CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646.

Patching and Mitigation

Systems that have applied updates made available by Intel earlier this year should already be protected against Foreshadow, Intel said.

Using an IT solution like Syxsense can simplify this complex task. Maintenance windows can be set so updates are deployed around business hours.

Updates can also be deployed on demand, so that emergency fixes can be applied immediately. Syxsense provides flexibility and adaptability to accommodate the remediation strategy that best fits your business.

Learn more about the better way to manage your environment. Start a trial with Syxsense.

Impacted products:

The following Intel-based platforms are potentially impacted by these issues. Intel may modify this list at a later time.

Intel® Core™ i3 processor (45nm and 32nm)
Intel® Core™ i5 processor (45nm and 32nm)
Intel® Core™ i7 processor (45nm and 32nm)
Intel® Core™ M processor family (45nm and 32nm)
2nd generation Intel® Core™ processors
3rd generation Intel® Core™ processors
4th generation Intel® Core™ processors
5th generation Intel® Core™ processors
6th generation Intel® Core™ processors
7th generation Intel® Core™ processors
8th generation Intel® Core™ processors
Intel® Core™ X-series Processor Family for Intel® X99 platforms
Intel® Core™ X-series Processor Family for Intel® X299 platforms
Intel® Xeon® processor 3400 series
Intel® Xeon® processor 3600 series
Intel® Xeon® processor 5500 series
Intel® Xeon® processor 5600 series
Intel® Xeon® processor 6500 series
Intel® Xeon® processor 7500 series
Intel® Xeon® Processor E3 Family
Intel® Xeon® Processor E3 v2 Family
Intel® Xeon® Processor E3 v3 Family
Intel® Xeon® Processor E3 v4 Family
Intel® Xeon® Processor E3 v5 Family
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor E5 Family
Intel® Xeon® Processor E5 v2 Family
Intel® Xeon® Processor E5 v3 Family
Intel® Xeon® Processor E5 v4 Family
Intel® Xeon® Processor E7 Family
Intel® Xeon® Processor E7 v2 Family
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E7 v4 Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor D (1500, 2100)

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|

October Patch Tuesday: Silent But Deadly

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

Should Third-Party Really Be your Second Priority?

If you have a patching strategy delivering Microsoft updates on a routine basis, you should extend that capacity to include third-party updates.

Just a couple weeks ago, we discovered a massive compromise in one of the world’s largest business and personal computer utilities, “CCleaner” by Piriform.

Version 5.33.6162 was released with injected malicious code which would expose any system to hackers remotely gaining access to that system. To make matters worse, CCleaner does not come with an automatic update capability so remediating these issues requires a toolset which can remotely deploy or patch third-party software. Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12, with a new, uncompromised version of CCleaner being released the same day.

Robert Brown, Director of Services for Verismic said, “Your patch management strategy must include both the operating system and any software or third-party updates to be reassured of your environment’s safety. Deploying only Windows updates is not closing the holes used by hackers in the current wave of ever increasing sophisticated hacks.

Syxsense includes both Microsoft, Linux and the most popular third-party vendors so you can be reassured everything is covered.”

Source: TechPowerUp

[vc_single_image image=”12852″ img_size=”200×200 px”]

What takes 206 days?

Cyberattacks are an increasingly serious risk for organizations, but many executives believe their organization won’t be targeted. They claim their organization is too small to be on the attackers’ radars or that they have nothing worth stealing.

Many cybercriminals are indiscriminate in their attacks and can always find something of interest. However, companies that believe they’re safe may already be penetrated – they just don’t know it yet.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

A study found that US companies took an average of 206 days to detect a data breach. This is an increase on the previous year (201 days) where a survey showed 20 percent of employees showed a lack of awareness for safe social media posting, choosing risky actions such as posting on their personal social media accounts. Data breaches are contained sooner if they’re detected by a staff member when conducting routine assessments of potential vulnerabilities within their organization.

“This is why it is important to have a proactive stance when it comes to patch management,” said Brown. “How long will it take before you realize you have been compromised?”

Ransomware is the fastest growing security threat, yet most companies are unprepared to deal with it, says a new study. Companies and government agencies are overwhelmed by frequent, severe attacks, according to the 2017 Ransomware Report commissioned by Cybersecurity Insiders and conducted by Crowd Research. That illustrates why ransomware damages are expected to hit $6,000,000,000 this year.

[vc_separator]

October Patch Tuesday Release

Microsoft published its monthly security updates on October 10, 2017, addressing 62 vulnerabilities in Windows, Internet Explorer, Edge, and Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. View details of the complete Security Update Guide here.

We have selected the updates to prioritize this month. Our recommendation has been made using evidence from industry experts, anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and 0-3.9 are Low.

ID Vulnerability Alert CVSS Base Score Recommended
CVE-2017-11779 Microsoft Windows DNSAPI Arbitrary Code Execution Vulnerability 9.8 Yes
CVE-2017-11786 Microsoft Skype for Business Elevation of Privilege Vulnerability 8.3 Yes
CVE-2017-8717 Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-8718 Microsoft Windows JET Database Engine Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-11771 Microsoft Windows Search Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-11781 Microsoft Windows Server Message Block Denial of Service Vulnerability 7.5 Yes
CVE-2017-11819 Microsoft Windows Shell Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11782 Microsoft Windows Server Message Block Privilege Escalation Vulnerability 7.4 Yes
CVE-2017-11783 Microsoft Windows Privilege Escalation Vulnerability 7.4 Yes
CVE-2017-11780 Microsoft Windows Server Message Block Arbitrary Code Execution Vulnerability 7.3 Yes
CVE-2017-8689 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-8694 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-11824 Microsoft Windows Graphics Component Privilege Escalation Vulnerability 7 Yes
CVE-2017-8703 Microsoft Windows Subsystem for Linux Denial of Service Vulnerability 6.8 Yes
CVE-2017-11776 Microsoft Windows Universal Outlook Information Disclosure Vulnerability 6.5 Yes
CVE-2017-11815 Microsoft Windows Server Message Block Information Disclosure Vulnerability 6.4
CVE-2017-11784 Microsoft Windows Kernel Information Disclosure Vulnerability 6.1
CVE-2017-11785 Microsoft Windows Kernel Information Disclosure Vulnerability 6.1
CVE-2017-11772 Microsoft Windows Search Service Information Disclosure Vulnerability 5.9
CVE-2017-11816 Microsoft Windows Graphics Device Interface+ Information Disclosure Vulnerability 5.7
CVE-2017-11829 Microsoft Windows Update Delivery Optimization Privilege Escalation Vulnerability 5.5
CVE-2017-11775 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-11777 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-11820 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8693 Microsoft Windows Graphics Information Disclosure Vulnerability 5.3
CVE-2017-8715 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11765 Microsoft Windows Kernel Information Disclosure Vulnerability 5.3
CVE-2017-11814 Microsoft Windows Kernel Information Disclosure Vulnerability 5.3
CVE-2017-11823 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11817 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-11818 Microsoft Windows Storage Security Feature Bypass Vulnerability 4.5
CVE-2017-11790 Microsoft Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-11794 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-8726 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8727 Microsoft Windows Shell Memory Corruption Vulnerability 4.2
CVE-2017-11762 Microsoft Windows Graphics Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11763 Microsoft Windows Graphics Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11769 Microsoft Windows TRIE Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11774 Microsoft Outlook Security Feature Bypass Vulnerability 4.2
CVE-2017-11792 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11793 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11796 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11797 Microsoft ChakraCore Memory Corruption Vulnerability 4.2
CVE-2017-11798 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11799 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11800 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11801 Microsoft ChakraCore Memory Corruption Vulnerability 4.2
CVE-2017-11802 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11804 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11805 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11806 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11807 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11808 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11809 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11810 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11811 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11812 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11813 Microsoft Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11821 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11822 Microsoft Internet Explorer Memory Corruption Vulnerability 4.2
CVE-2017-11825 Microsoft Office Memory Corruption Vulnerability 4.2
CVE-2017-11826 Microsoft Office Memory Corruption Vulnerability 4.2
[vc_separator][dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START FREE SYXSENSE TRIAL[/dt_default_button]
|||

September Patch Tuesday: Escaping the Equi-Hack

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

Money Well Spent

Every dollar of fraud to merchants and firms in the retail and financial services sector is estimated to cost $2.66 on average, said a new fraud report.

The LexisNexis Fraud Multiplier estimates the total amount of loss a business incurs, based on chargebacks, fees, interest, merchandise replacement and redistribution.

The study also investigates fraud costs as a percentage of revenues, as reported by survey respondents, to be nearly 2 percent (1.90 percent) across retail, e-commerce, financial services and digital lending businesses. Businesses that sell digital goods and/or conduct transactions primarily through remote channels take an even harder hit to their bottom line at 2.51 percent of revenues.

Robert Brown, Director of Services for Verismic says, “It’s astonishing how much money is being lost because critical systems are not being kept up to date. Updating critical systems is so easy using Syxsense. We recommend starting a trial to see how it can work for you.” Full article can be found here.

As recent as last Wednesday, a U.S. government website was hosting malicious ransomware. It has been wildly speculated that either the site was hacked, or it possibly stores attachments from government officials’ emails and the downloader was archived.

[vc_single_image image=”13032″ img_size=”200×200 px”]

The ransomware had similarities to the Blank Slate spam campaign which earlier this year was spreading Cerber. Emails in that campaign contained only a double-zip archive with the second containing either a malicious JavaScript file or a malicious Microsoft Word document. The emails contain no text, and experts believed then that all of this combined to evade detection.

Researcher Ankit Anubhav of NewSky Security tweeted the discovery Wednesday, and within hours, the malware link was taken down. It’s unknown whether anyone was infected through the site, full article can be found here.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Check your Equifax Credit Report and Score Now

Victims of the massive Equifax breach may have to wait days to find out if they were impacted. Americans who either applied for new jobs, loans, or just wanted to check their credit score via Equifax are having a difficult time getting answers as to whether they are part of the breach of 143 million records that occurred Thursday.

Details of how this breach happened is still very unclear, however with companies suffering the same fate over the past year, the root cause is likely to be via a sophisticated cyberattack exposed using vulnerable software or operating systems.

Robert Brown, Director of Services for Verismic says, “We recommend clients download our ‘5 Biggest Patch Mistakes‘ whitepaper.

Microsoft published its monthly security updates on September 12, 2017. Microsoft addressed 81 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, and Microsoft Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details of the complete Security Update Guide can be found here.

Microsoft Updates

We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.

ID Vulnerability Alert CVSS Score Recommended
CVE-2017-8686 Microsoft Windows DHCP Server Remote Code Execution Vulnerability 9.8 Yes
CVE-2017-8630 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8631 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8632 Microsoft Office Memory Corruption Vulnerability 9.6 Yes
CVE-2017-8725 Microsoft Office Publisher Arbitrary Code Execution Vulnerability 9.6 Yes
CVE-2017-9417 Microsoft Windows HoloLens Wireless Network Driver Arbitrary Code Execution Vulnerability 8.8 Yes
CVE-2017-8567 Microsoft Office Arbitrary Code Execution Vulnerability 8.6 Yes
CVE-2017-8744 Microsoft Office Memory Corruption Vulnerability 8.6 Yes
CVE-2017-8682 Microsoft Windows Graphics Component Remote Code Execution Vulnerability 8.4 Yes
CVE-2017-8742 Microsoft PowerPoint Arbitrary Code Execution Vulnerability 8.3 Yes
CVE-2017-8743 Microsoft PowerPoint Arbitrary Code Execution Vulnerability 8.3 Yes
CVE-2017-0161 Microsoft Windows NetBIOS Packet Processing Arbitrary Code Execution Vulnerability 8.1 Yes
CVE-2017-8628 Microsoft Windows Bluetooth Driver Spoofing Vulnerability 8.1 Yes
CVE-2017-8714 Microsoft Windows Remote Desktop Virtual Host Arbitrary Code Execution Vulnerability 7.8 Yes
CVE-2017-8720 Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability 7.8 Yes
CVE-2017-8759 Microsoft .NET Framework Arbitrary Code Execution Vulnerability 7.8 Yes
CVE-2017-8695 Microsoft Windows Uniscribe Component Information Disclosure Vulnerability 7.5 Yes
CVE-2017-8696 Microsoft Windows Uniscribe Component Arbitrary Code Execution Vulnerability 7.5 Yes
CVE-2017-8702 Microsoft Windows Privilege Escalation Vulnerability 7.5 Yes
CVE-2017-8747 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8749 Microsoft Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8750 Microsoft Edge and Internet Explorer Memory Corruption Vulnerability 7.5 Yes
CVE-2017-8706 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8707 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8711 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8712 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8713 Microsoft Windows Hyper-V Information Disclosure Vulnerability 7.2 Yes
CVE-2017-8675 Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability 7 Yes
CVE-2017-8699 Microsoft Windows Shell Command Arbitrary Code Execution Vulnerability 6.4
CVE-2017-8758 Microsoft Exchange Cross-Site Scripting Vulnerability 6.1
CVE-2017-8677 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8678 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8679 Microsoft Windows Kernel Information Disclosure Vulnerability 5.5
CVE-2017-8680 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8681 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8683 Microsoft Windows Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8684 Microsoft Windows Win32k Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8685 Microsoft Windows Win32k Graphics Component Information Disclosure Vulnerability 5.5
CVE-2017-8687 Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability 5.5
CVE-2017-8688 Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability 5.5
CVE-2017-8629 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8745 Microsoft SharePoint Cross-Site Scripting Vulnerability 5.4
CVE-2017-8704 Microsoft Windows Hyper-V Denial of Service Vulnerability 5.3
CVE-2017-8746 Microsoft Windows Device Guard Security Feature Bypass Vulnerability 5.3
CVE-2017-11761 Microsoft Exchange Information Disclosure Vulnerability 5.3
CVE-2017-8692 Microsoft Windows Uniscribe Component Arbitrary Code Execution Vulnerability 5
CVE-2017-8716 Microsoft Windows Security Feature Bypass Vulnerability 4.9
CVE-2017-8708 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8709 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8719 Microsoft Windows Kernel Information Disclosure Vulnerability 4.7
CVE-2017-8710 Microsoft Windows Kernel Information Disclosure Vulnerability 4.4
CVE-2017-8597 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.3
CVE-2017-8643 Microsoft Edge Information Disclosure Vulnerability 4.3
CVE-2017-8648 Microsoft Edge Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-8723 Microsoft Edge Security Bypass Vulnerability 4.3
CVE-2017-8724 Microsoft Edge Spoofing Vulnerability 4.3
CVE-2017-8733 Microsoft Internet Explorer Spoofing Vulnerability 4.3
CVE-2017-8735 Microsoft Edge Spoofing Vulnerability 4.3
CVE-2017-8736 Microsoft Edge and Internet Explorer Information Disclosure Vulnerability 4.3
CVE-2017-8739 Microsoft Edge Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-8649 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8660 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8728 Microsoft Windows PDF Document Processing Arbitrary Code Execution Vulnerability 4.2
CVE-2017-8729 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8731 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8734 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8737 Microsoft Windows PDF Document Processing Arbitrary Code Execution Vulnerability 4.2
CVE-2017-8738 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8740 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8741 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8748 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8751 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8752 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8753 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8754 Microsoft Edge Security Bypass Vulnerability 4.2
CVE-2017-8755 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8756 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-8757 Microsoft Edge Arbitrary Code Execution Vulnerability 4.2
CVE-2017-11764 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11766 Microsoft Edge Memory Corruption Vulnerability 4.2
CVE-2017-8676 Microsoft Windows Graphics Device Interface Information Disclosure Vulnerability 3.3
[vc_separator]

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
|

BitPaymer Ransomware Hits NHS

By NewsNo Comments
[vc_single_image source=”featured_image” img_size=”large”]

Is BitPaymer going to be bigger than WannaCry?

On August 25th, a handful of Scottish hospitals was infected with the BitPaymer ransomware. This group of hospitals, responsible for more than 654,000 residents, was also hit during the WannaCry ransomware event three months ago.

Although the hospitals reacted quickly and avoided paying a ransom, the hack caused major disruption, leading to thousands of cancelled appointments.

While a bullet was dodged here, BitPaymer has the potential to be much larger than WannaCry. A big danger is that this hack utilizes computers with RDP. According to some estimates, there are over 4 million endpoints vulnerable like this. That is 10 times more computers than WannaCry infected.

While RDP is a useful tool for keeping people productive, it’s risks outweigh the benefits. It’s time to replace RDP with a secure, powerful solution. Syxsense offers a Remote Desktop Access feature. We prioritize security and utilize 2048-bit encryption for communication.

BitPaymer doesn’t need end user interaction to infect a device. To show you who is accessing devices and when, we provide comprehensive audit logs and reports. Replace RDP and sign up for a free trial of Syxsense today!

[vc_single_image image=”12852″ img_size=”180×180 px” alignment=”center”]

[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
||||

Russian Hacking Group Targets Hotel Guests

By NewsOne Comment
[vc_single_image image=”12919″ img_size=”large”]

Hackers Use NSA Tools in Hotels Across Europe

A group of Russian hackers best known for breaking into the Democratic National Committee have been using a leaked NSA espionage tool to target hotels across Europe in an attempt to spy on guests, according to new research published by cybersecurity firm, FireEye.

The hacker group known as APT28, or Fancy Bear, has targeted victims through connections to hacked hotel Wi-Fi networks.

APT28 infiltrated hotel networks via phishing emails that contained infected attachments and malicious Microsoft Word macros. Once they were in a hotel Wi-Fi network, they would then launch NSA hacking tool EternalBlue, which was leaked in 2017. This tool allowed them to spread control throughout the network, eventually reaching servers responsible for the corporate and guest Wi-Fi networks.

“It’s definitely a new technique” for the Fancy Bear hacker group, says Ben Read, who leads FireEye’s espionage research team. “It’s a much more passive way to collect on people. You can just sit there and intercept stuff from the Wi-Fi traffic.”

Hotel Wi-Fi has become a major vehicle for advanced hackers to target people of interest who happen to be connected. In 2014, researchers at security firm Kaspersky Lab said a group it dubbed Dark Hotel had been infecting hotel networks for at least seven years.

In a separate report a year later, Kaspersky Lab researchers uncovered evidence suggesting a separate hacking group with ties to the creators of the Stuxnet worm infected hotel conference rooms in an attempt to monitor high-level diplomatic negotiations the US and five other nations held with Iran over its nuclear program.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

[vc_single_image image=”12927″ img_size=”180×180 px” alignment=”center”]

[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

What can you do to protect yourself?

For remote users, it’s important to be aware of the threats like having information and credentials passively collected when connecting to public, untrusted networks. Experts advise using your own wireless hotspot and avoid connecting to hotel Wi-Fi networks when possible.

Keeping all remote devices fully patched is also critical. APT28 is using the same exploit as WannaCry and NotPetya. Microsoft patched these weaknesses in March 2017 and tools like Syxsense, Windows Update or other patching solutions should be already protected by deploying MS17-010.

However, many organizations have older non-Microsoft supported operating systems still deployed – Windows Server 2003, Windows XP, Windows XP Embedded and Windows 8. Microsoft also took the unusual of releasing a patch for these unsupported operating systems.

We strongly recommend identifying all vulnerable operating systems and deploying this patch immediately.

[spacer height=”10px”][vc_single_image image=”11213″ img_size=”medium” alignment=”center”]

Many companies struggle to keep remote users completely up-to-date since they rely on manual patching or simply do not prioritize the process. However, patching is a necessity – even more so for machines that are not always on the network.

Syxsense allows you to keep all devices, including remote users, fully patched and protected. After months of global ransomware attacks and major security threats, it has never been more important to protect your IT environment.

[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]