Tag

internet of things management


Third-Party Patch Update: August 2018


Chrome Vulnerability Endangers Your Private Data

A vulnerability has been found within Chrome that would allow actors to access information stored by other web platforms, such as major data hoarders Facebook and Google.

CVE-2018-6177 was uncovered by Ron Masas, a security researcher from Imperva, and reported to Google. “With several scripts running at once — each testing a different and unique restriction — the bad actor can relatively quickly mine a good amount of private data about the user,” Masas said.

With their latest release, v68.0.3440.106, Google says the issue has been fixed. At the time of writing this article, there are no known active exploits of this vulnerability.

We recommend you update to the latest version of Chrome immediately.

Use Syxsense to inventory your environment and rapidly deploy any needed updates. On the home screen, you can quickly see which devices require critical updates.

By clicking on the graph, you’ll jump right into a patch deployment process, prepopulated to deploy critical updates to all devices that need them. You can easily modify this task to be more specific or start the task as-is to deploy the critical patches.

Third-Party Patch Updates

Below is a table of third-party updates:

| Vendor | Category | Patch Version and Release Notes | CVSS Score |
|---|---|---|---|
| Adobe | Media Software | Acrobat DC: v18.011.20058 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/continuous/dccontinuousaug2018.html#dccontinuousaugusttwentyeighteen | N/A |
| | | Acrobat DC: v17.011.30099 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/classic/dcclassic17.011aug2018.html#dc17-011augusttwentyeighteen | |
| | | Acrobat DC: v15.006.30448 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/classic/dcclassic15.006aug2018.html#dc15-006augusttwentyeighteen | |
| | | Flash Player Plugin and ActiveX: v30.0.0.154 – https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html#fixed_issues | |
| Apple | Media Software | iTunes: v12.8.0.150 – https://support.apple.com/kb/dl1814?locale=en_US | N/A |
| Don Ho | | Notepad++: v7.5.8 – https://notepad-plus-plus.org/news/notepad-7.5.8-released.html | |
| Evernote | | Evernote: v6.14.5.7671 – https://evernote.com/security/updates | |
| FileZilla | FTP Solution | FileZilla: v3.35.2 – https://filezilla-project.org/versions.php | N/A |
| GNOME Foundation | Image Processing and Editing | GIMP: v2.10.6 – https://www.gimp.org/release-notes/gimp-2.10.html | |
| Google | Browser | Chrome: v68.0.3440.106 – https://chromereleases.googleblog.com/2018/08/stable-channel-update-for-desktop.html | N/A |
| KeePass | Password Manager | KeePass: v2.39.1 – https://keepass.info/news/n180506_2.39.html | |
| Mozilla | Browser and Email Application | Firefox: v61.0.2 – https://www.mozilla.org/en-US/firefox/61.0.2/releasenotes/ | |
| | | Thunderbird: v60.0 – https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/ | |

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Third-Party Patch Update: June 2018


Third Party Software Updates: June 2018

Roku TV and Sonos IoT devices, which are widely used in businesses that handle sensitive consumer data such as credit card numbers and health records, are vulnerable to DNS hacking. These two IoT devices are frequently installed in fast casual dining, medical, and dental businesses.

These devices can be exploited because of two common IoT issues: IoT devices do not require authentication for connections received on a local network, and HTTP is prevalent for controlling embedded devices.

These vulnerabilities could enable anyone to “virtually map” your network, which has much wider consequences, such as DoS (Denial of Service) against your most critical infrastructure, disruption of your end-user experience, or potentially the planning of much more sophisticated cyber warfare.

Just imagine what could happen if a hacker could learn the OS host name & IP information for all your servers.

Both Roku and Sonos are actively working to resolve these issues, but updates will be necessary to secure your devices.

Start a trial with Syxsense and see if these devices are in your network.

Third-Party Patch Updates

Below is a table of third-party updates from June 2018: 

| Vendor | Category | Patch Version and Release Notes | CVSS Score |
|---|---|---|---|
| Adobe | Media Software | AIR: v30.0.0.107 – https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html | N/A |
| | | Flash Player: v30.0.0.113 – https://helpx.adobe.com/security/products/flash-player/apsb18-19.html | |
| Citrix | | Citrix Receiver: v4.12 – https://docs.citrix.com/en-us/receiver/windows/current-release.html | |
| Evernote | | Evernote: v6.13.13.7425 – | |
| FileZilla | FTP Solution | FileZilla: v3.34 – https://filezilla-project.org/versions.php | N/A |
| Google | Browser | Chrome: v67.0.3396.99 – https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-chrome-os_26.html | N/A |
| Malwarebytes | Antivirus | Malwarebytes: v3.5.1.2522 – https://www.malwarebytes.com/support/releasehistory/ | |
| Mozilla | Browser and Email Application | Firefox: v60.0.2 – https://www.mozilla.org/en-US/firefox/60.0.2/releasenotes/ | |
| Peter Pawlowski | Audio Player | Foobar2000: v1.4 – https://www.foobar2000.org/changelog | |
| Uvnc bvba | Remote Access Tool | UltraVNC: v1.2.2.1 | |
| WinSCP | SFTP, SCP, and FTP client | WinSCP: v5.13.3 – https://winscp.net/eng/docs/history | |


100 Million IoT Devices Exposed


Z-Wave IoT Devices Exposed

Z-Wave, a protocol primarily used for home automation, is vulnerable to security downgrade attacks.

According to the Z-Wave Alliance, an organization dedicated to advancing Z-Wave, the protocol is currently used by 700 companies in over 2,400 IoT and smart products. It is estimated that over 100 million IoT devices are affected.

It turns out that a variant of this downgrade attack was discovered last year by cybersecurity consulting firm SensePost, but the vendor told experts at the time that the risk was being mitigated by notifying users when additional device pairings were established.

Manage the IoT

Syxsense will give you a simple view of all of the IoT devices and provide you the information you need to keep yourself better protected. Sign up for a free trial today to get started.


FBI Warning: Reset Your Routers


FBI, DHS, and UK Authorities issue warning over VPNFilter

The FBI, DHS and UK authorities have issued a warning for the VPNFilter malware threat. According to Alert TA18-145A, there are concerns that actors will use VPNFilter to target routers and “collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic.”

Cisco researchers have indicated the following devices are known to be vulnerable:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

The warning instructs you to install any new firmware for your routers and, after updating, reset your router. Even if you don’t have one of the listed devices, it’s recommended that you update and reset your router as well.

Also, as a good practice and to protect yourself from repeat infection, ensure your router administration credentials are not set to the factory default.

According to Cisco’s Talos, the VPNFilter malware is known to have already infected at least 500,000 network devices across 54 countries.

This clearly illustrates an important IT lesson: relying solely on your firewall for protection isn’t enough. Malware is becoming more sophisticated and actors are looking for any way into your environment.

What to do:

IT departments need to keep their firmware up to date, but also keep patching regularly. Use a patching solution like Syxsense to ensure you’ll never have a lapse in important updates. CMS detects which devices need updates and the severity of those updates. Then you can schedule a time-frame in which to automatically deploy needed updates. This ensures every device is secured without interrupting business hours.

Check out a better way to manage your environment. Start a trial with Syxsense


The Rapid Rise of the IoT


The IoT is Here to Stay: Risks Included

Research from Metova has revealed the current scale of smart product adoption in the United States. According to Metova, 90 percent of U.S. users now own some form of smart device.

This shows the IoT has truly reached mass adoption across the country. This also presents inherent risks to everyone connected to the Internet of Things. At this scale of growth, taking action to manage the IoT is critical and urgent.

Other observations include:

  • Over 90% surveyed have made a purchase of a connected home device.
  • Nearly 70% already have a voice-controlled system such as an Amazon Alexa or Google Home.
  • 58% of people who own a connected home device are concerned about how it may impact their privacy.
  • 74% of respondents think connected home devices are the wave of the future.
  • Over 30% who do not have a connected home device plan to make a purchase within the year.

Manage the IoT

Robert Brown, Director of Services for Verismic said, “As our ownership of smart technology expands, there will become a moment in time when you will no longer have the instant knowledge of the devices in your home or office which could be used to expose critical vulnerabilities, breach your network or steal your identity.

Syxsense will give you a simple view of all of the IoT devices in your home or office, and provide you the information you need to keep yourself better protected.
