Tag: IT Management
Chrome Compromised: September Third-Party Patch Update

Category: Patch Management


1 Million Targeted by Chrome Extension Hack

Even experts aren't exempt from deceptive phishing attacks. It is being reported that the developers of several Chrome extensions were phished and had the login credentials for their developer accounts stolen.

It’s the second time in a week that Chrome users have been targeted by extension hijacks. The first involved an extension called CopyFish with around 30,000 installs. That attack may have been a test intended to see how many fraudulent ad views could be pumped through before Google intervened and returned control of the extension to its rightful owners.

Extensions reported so far:

  • Web Developer version 0.4.9
  • Chrometana version 1.1.3
  • Infinity New Tab version 3.12.3
  • CopyFish version 2.8.5
  • Web Paint version 1.2.1
  • Social Fixer version 20.1.1
  • TouchVPN (version not reported)
  • Betternet VPN (version not reported)

Once the attackers had access to the developers' accounts for these extensions, they modified the extension code and published the tampered versions, which Chrome then delivered to existing users through its normal extension auto-update. The goal appears to have been to take control of victims' browsers and, where the victim had a Cloudflare account, to steal those credentials.

It's important to keep your browsers up to date and to review extensions before you install them. Note that a browser patch would not have helped here: the malicious versions arrived through the extension store's own update channel with no user action, so the controls that matter are limiting which extensions may be installed at all (Chrome's ExtensionInstallAllowlist and ExtensionInstallBlocklist policies, called ExtensionInstallWhitelist and ExtensionInstallBlacklist on 2017-era Chrome) and auditing what is already installed on your endpoints.
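As an added example (not code from the Syxsense post), the following PowerShell script audits the Chrome profiles of every local user on a Windows endpoint for the extension versions listed above. It assumes Chrome's standard user-data layout (User Data\<profile>\Extensions\<id>\<version>_<n>\manifest.json) and that the name in each extension's manifest matches the name as listed in the post; the post gives no extension IDs, so matching by name plus version is an assumption and is weaker than matching by ID.

```powershell
# Added example, not code from the original post or from Syxsense.
# Name => hijacked version, taken verbatim from the list above.
# $null = the post reports the extension but not a version, so any install is flagged for review.
$Compromised = @{
    'Web Developer'    = '0.4.9'
    'Chrometana'       = '1.1.3'
    'Infinity New Tab' = '3.12.3'
    'CopyFish'         = '2.8.5'
    'Web Paint'        = '1.2.1'
    'Social Fixer'     = '20.1.1'
    'TouchVPN'         = $null
    'Betternet VPN'    = $null
}

function Resolve-ExtensionName {
    # Manifests often carry a localized placeholder such as __MSG_appName__;
    # resolve it through _locales\<default_locale>\messages.json so names compare.
    param([System.IO.DirectoryInfo]$ExtensionDir, [psobject]$Manifest)
    $name = [string]$Manifest.name
    if (-not ($name -match '^__MSG_(.+)__$')) { return $name }
    $key     = $Matches[1]
    $locale  = if ($Manifest.default_locale) { $Manifest.default_locale } else { 'en' }
    $msgFile = Join-Path $ExtensionDir.FullName "_locales\$locale\messages.json"
    if (-not (Test-Path -LiteralPath $msgFile)) { return $name }
    $messages = Get-Content -LiteralPath $msgFile -Raw | ConvertFrom-Json
    $entry = $messages.PSObject.Properties[$key]
    if ($entry -and $entry.Value.message) { return [string]$entry.Value.message }
    return $name
}

function Find-HijackedChromeExtensions {
    param(
        # Assumed layout: every local user's Chrome user-data directory.
        # Run elevated so other users' profiles are readable.
        [string[]]$UserDataDirs = (Get-ChildItem -Path 'C:\Users\*\AppData\Local\Google\Chrome\User Data' `
                                       -Directory -ErrorAction SilentlyContinue).FullName
    )
    foreach ($userData in $UserDataDirs) {
        # <profile>\Extensions\<id>\<version>_<n>\manifest.json
        $manifests = Get-ChildItem -Path (Join-Path $userData '*\Extensions\*\*\manifest.json') `
                                   -File -ErrorAction SilentlyContinue
        foreach ($m in $manifests) {
            $manifest = Get-Content -LiteralPath $m.FullName -Raw | ConvertFrom-Json
            $extDir   = $m.Directory                       # ...\<id>\<version>_<n>
            $id       = $extDir.Parent.Name                # Chrome extension ID
            $profile  = $extDir.Parent.Parent.Parent.Name  # Default, Profile 1, ...
            $name     = Resolve-ExtensionName -ExtensionDir $extDir -Manifest $manifest
            $version  = [string]$manifest.version
            if (-not $Compromised.ContainsKey($name)) { continue }

            $badVersion = $Compromised[$name]
            $status = if ($null -eq $badVersion)        { 'REVIEW: listed extension, hijacked version not reported' }
                      elseif ($version -eq $badVersion) { 'HIJACKED VERSION INSTALLED' }
                      else                              { 'Listed extension, other version: confirm it postdates the fix' }

            [pscustomobject]@{
                UserDataDir = $userData
                Profile     = $profile
                ExtensionId = $id
                Name        = $name
                Version     = $version
                Status      = $status
            }
        }
    }
}

Find-HijackedChromeExtensions | Format-Table -AutoSize
```

Pipe the output to Export-Csv to collect results across a fleet. A hit on a listed version means the malicious code was already delivered by Chrome's auto-update, so remove the extension or push the vendor's fixed version, and rotate any Cloudflare credentials that were used from that browser.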

The Source of NotPetya

Just after the outbreak of NotPetya, several parties pointed at the Ukrainian accounting software vendor MeDoc as one of the main sources of the outbreak. The claim is that MeDoc's own update infrastructure was compromised and used to deliver the initial NotPetya payload through legitimate MeDoc updates, after which the malware spread to more and more victims. This sort of event is known as a 'supply chain attack'.


The compromise of a software distribution channel is extremely dangerous for businesses: a single malicious update can reach every device the distribution software is able to push to. How do you prevent such a disaster? One step is enabling two-factor authentication for logins to your IT management software, so that a stolen password alone cannot compromise the console that deploys software to every endpoint. Two-factor authentication protects the login, not the packages, so also restrict who may publish or approve packages and verify vendor signatures on what you deploy.

Don’t leave something that could infect your entire environment unsecured.


Third-Party Updates

Every month we see a bevy of new third-party updates, and we are always enhancing our library of supported vendors. Special requests and additions are welcome. This month's third-party software updates are listed below:

Vendor | Category | Patch version | Release notes
Adobe | Media software | Flash Player 26.0.0.151 and AIR 26.0.0.127 | https://helpx.adobe.com/flash-player/release-note/fp_26_air_26_release_notes.html
Apple | Media software | iTunes 12.6.2 | https://www.neowin.net/news/apple-releases-security-updates-for-itunes-and-icloud-for-windows
Cerulean | Instant messaging | Trillian 6.0 build 61 | https://www.trillian.im/changelog/windows/6.0/
Citrix | Data delivery | Receiver 4.9 LTSR | http://docs.citrix.com/en-us/receiver/windows/current-release/about.html
Don Ho | Source code editor | Notepad++ 7.5 | https://notepad-plus-plus.org/news/notepad-7.5-released.html
FileZilla | FTP client | FileZilla 3.27.1 | https://filezilla-project.org/versions.php
Foxit | PDF reader | Foxit Reader 8.3.2.25013 | https://www.foxitsoftware.com/pdf-reader/version-history.php
Google | Browser | Chrome 60.0.3112.113 | https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-desktop_24.html
Google | Mapping software | Earth 7.3.0 | https://support.google.com/earth/answer/40901?hl=en
Malwarebytes | Malware defense | Malwarebytes 3.2 | https://www.malwarebytes.com/support/releasehistory/
Mozilla | Browser | Firefox 55.0.3 | https://www.mozilla.org/en-US/firefox/55.0.3/releasenotes/
Mozilla | Email client | Thunderbird 52.3.0 | https://www.mozilla.org/en-US/thunderbird/52.3.0/releasenotes/
RealVNC | Remote access software | VNC Connect 6.2.0 | https://www.realvnc.com/en/connect/docs/desktop-release-notes.html
The Document Foundation | Office suite | LibreOffice 5.4.0 | https://wiki.documentfoundation.org/ReleaseNotes/5.4
Wireshark | Network protocol analyzer | Wireshark 2.4.0 | https://www.wireshark.org/docs/relnotes/wireshark-2.4.0.html


Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.


Russian Hacking Group Targets Hotel Guests

Category: News

Hackers Use NSA Tools in Hotels Across Europe

A group of Russian hackers best known for breaking into the Democratic National Committee has been using a leaked NSA exploit to target hotels across Europe and spy on their guests, according to new research published by the cybersecurity firm FireEye.

The hacker group known as APT28, or Fancy Bear, has targeted victims through connections to hacked hotel Wi-Fi networks.

APT28 infiltrated hotel networks via phishing emails carrying malicious Microsoft Word attachments whose macros installed the group's malware. Once inside a hotel's network, they used EternalBlue, the SMBv1 exploit from the NSA toolset leaked in 2017, to move laterally through the network until they reached the servers responsible for the corporate and guest Wi-Fi networks.

“It’s definitely a new technique” for the Fancy Bear hacker group, says Ben Read, who leads FireEye’s espionage research team. “It’s a much more passive way to collect on people. You can just sit there and intercept stuff from the Wi-Fi traffic.”

Hotel Wi-Fi has become a major vehicle for advanced hackers to target people of interest who happen to be connected. In 2014, researchers at security firm Kaspersky Lab reported that a group it dubbed Darkhotel had been infecting hotel networks for at least seven years.

In a separate report a year later, Kaspersky Lab researchers uncovered evidence suggesting a separate hacking group with ties to the creators of the Stuxnet worm infected hotel conference rooms in an attempt to monitor high-level diplomatic negotiations the US and five other nations held with Iran over its nuclear program.


What can you do to protect yourself?

Remote users need to be aware of threats like the passive collection of information and credentials that happens when they connect to public, untrusted networks. Experts advise using your own wireless hotspot and avoiding hotel Wi-Fi networks whenever possible.

Keeping all remote devices fully patched is also critical. APT28 is using the same SMBv1 exploit as WannaCry and NotPetya. Microsoft fixed these weaknesses in MS17-010 in March 2017, so any device that receives updates through Syxsense, Windows Update or another patching solution should already be protected.

However, many organizations still run operating systems that Microsoft no longer supports: Windows Server 2003, Windows XP, Windows XP Embedded and Windows 8. Microsoft took the unusual step of releasing a patch for these unsupported operating systems as well.

We strongly recommend identifying all vulnerable operating systems and deploying this patch immediately, and disabling SMBv1 outright wherever no legacy client still depends on it.
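The check below is an added example, not code from the post or from Syxsense. It reports whether a single Windows host is still exposed to the SMBv1 flaws fixed by MS17-010, by looking at two things: whether the SMBv1 server is enabled, and whether one of the MS17-010 packages appears in the installed hotfix list. The KB numbers are taken from Microsoft's MS17-010 bulletin and its May 2017 out-of-band release for unsupported systems; treat that list as an assumption to verify against the bulletin. On Windows 10 the March 2017 cumulative update is superseded by later ones and disappears from Get-HotFix, so the script accepts any later cumulative update there.

```powershell
# Added example, not code from the original post or from Syxsense.
function Get-Ms17010Exposure {
    [CmdletBinding()]
    param(
        # Assumed list, per the MS17-010 bulletin; verify before relying on it.
        [string[]]$Ms17010Kbs = @(
            'KB4012598',                          # Vista/2008, and the May 2017 XP/2003/Windows 8 release
            'KB4012212', 'KB4012215',             # Windows 7 / 2008 R2 security-only and monthly rollup
            'KB4012213', 'KB4012216',             # Windows 8.1 / 2012 R2 security-only and monthly rollup
            'KB4012214', 'KB4012217',             # Windows Server 2012 security-only and monthly rollup
            'KB4012606', 'KB4013198', 'KB4013429' # Windows 10 1507 / 1511 / 1607 cumulative updates
        )
    )
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # 1. SMBv1 server state. Get-SmbServerConfiguration exists on Windows 8/2012 and
    #    later; on Windows 7/2008 R2 fall back to the LanmanServer SMB1 registry value,
    #    which is absent by default, and absent means enabled.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1Enabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $params = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                                   -ErrorAction SilentlyContinue
        $smb1Enabled = ($null -eq $params.SMB1) -or ($params.SMB1 -ne 0)
    }

    # 2. Patch state. Get-HotFix lists per-package KBs. On Windows 10 the March 2017
    #    cumulative update is superseded, so also look for any later cumulative update.
    $hotfixes  = Get-HotFix
    $ms17010   = @($hotfixes | Where-Object { $Ms17010Kbs -contains $_.HotFixID })
    $postMarch = @($hotfixes | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge [datetime]'2017-03-14' })
    $isWin10   = $os.Version -like '10.*'

    $verdict = if (-not $smb1Enabled) {
        'OK: SMBv1 server disabled, EternalBlue cannot reach this host'
    } elseif ($ms17010.Count -gt 0) {
        'PATCHED, but SMBv1 is still enabled: disable it unless a legacy client needs it'
    } elseif ($isWin10 -and $postMarch.Count -gt 0) {
        'LIKELY PATCHED: Windows 10 with a post-March-2017 update installed; SMBv1 still enabled'
    } else {
        'EXPOSED: SMBv1 enabled and no MS17-010 package found'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OS           = $os.Caption
        OSVersion    = $os.Version
        Smb1Enabled  = $smb1Enabled
        Ms17010Kbs   = ($ms17010.HotFixID -join ', ')
        Verdict      = $verdict
    }
}

Get-Ms17010Exposure | Format-List
```

Where SMBv1 is not needed, disable it rather than relying on the patch alone: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force on Windows 8/2012 and later, or Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol on Windows 8.1 and 10 clients. The verdict strings are a triage aid for fleet-wide collection, not proof: a host the script calls "LIKELY PATCHED" should still be confirmed against the cumulative update actually installed.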


Many companies struggle to keep remote users completely up-to-date since they rely on manual patching or simply do not prioritize the process. However, patching is a necessity – even more so for machines that are not always on the network.

Syxsense allows you to keep all devices, including remote users, fully patched and protected. After months of global ransomware attacks and major security threats, it has never been more important to protect your IT environment.


March Patch Tuesday: Patching Chaos

Categories: News, Patch Management, Patch Tuesday

The Eye of the Patch Storm

Two months into the year we have gone from one of the smallest patch releases of the past couple of years in January to an entire baseline being cancelled at the last minute in February.

Some IT managers may have counted their lucky stars for the reduction in their workload so far this year – that is until they see this massive release.

Microsoft have released eighteen updates this month, nine rated Critical and the remaining nine rated Important. Last week Microsoft also released 17 KB updates covering Office 2013 and 2016. Full details of that release can be found here.

Last year we raised our concerns about rolling patches together, and last month, only two months after Microsoft adopted this strategy, those concerns were realized: because of a single bad patch, the entire baseline was cancelled.

Don’t get us wrong, we understand the benefit of rolling content into single cumulative updates, but we also appreciate the level of testing needed to ensure a safe combination of updates when rolling them together. That same level of care should be adopted when deploying updates in your environment to ensure bad updates do not cause business outages.

A study at the University of Maryland was the first to quantify the near-constant rate of attacks on Internet-connected computers: one every 39 seconds on average.


Robert Brown, Director of Services, said: “Perception as to the current threat to a company’s network should not be founded on the content released by vendors such as Microsoft alone. There are multiple perimeters you can secure to protect your assets, but remember to also look at the tool you are using to secure your environment. In the past few weeks, IBM have released over 20 security updates for their on-premises and cloud-based patch management tools, meaning your toolset should have a perimeter of its own.”

According to the SANS Institute, 95 percent of all attacks on enterprise networks start with a successful spear phishing attack. Full details of this article can be found here.


Microsoft Updates

We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for each vulnerability. The CVSS base scores used in the table below range from 0 to 10: scores of 7.0 to 10.0 are High, 4.0 to 6.9 are Medium, and 0 to 3.9 are Low.

For each bulletin: title and KB number, then Impact, Restart requirement, Publicly disclosed, Exploited, Severity, CVSS score and whether we recommend it as high priority, followed by Microsoft's description.

1. MS17-006: Cumulative Security Update for Internet Explorer (4013073)
   Impact: Remote Code Execution. Restart: Yes. Publicly disclosed: Yes. Exploited: Yes. Severity: Critical. CVSS: 8.8. Recommended high priority: Yes.
   This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

2. MS17-007: Cumulative Security Update for Microsoft Edge (4013071)
   Impact: Remote Code Execution. Restart: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Critical. CVSS: 8.8. Recommended high priority: Yes.
   This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3. MS17-008: Security Update for Windows Hyper-V (4013082)
   Impact: Remote Code Execution. Restart: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Critical. CVSS: 8.8. Recommended high priority: No.
   This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

4. MS17-009: Security Update for Microsoft Windows PDF Library (4010319)
   Impact: Remote Code Execution. Restart: Yes. Publicly disclosed: No. Exploited: No. Severity: Critical. CVSS: 8.8. Recommended high priority: No.
   This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.

5. MS17-010: Security Update for Microsoft Windows SMB Server (4013389)
   Impact: Remote Code Execution. Restart: Yes. Publicly disclosed: No. Exploited: No. Severity: Critical. CVSS: 9.8. Recommended high priority: Yes.
   This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

6. MS17-011: Security Update for Microsoft Uniscribe (4013076)
   Impact: Remote Code Execution. Restart: Yes. Publicly disclosed: No. Exploited: No. Severity: Critical. CVSS: 7.8. Recommended high priority: No.
   This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

7. MS17-012: Security Update for Microsoft Windows (4013078)
   Impact: Remote Code Execution. Restart: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Critical. CVSS: 9.8. Recommended high priority: Yes.
   This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.

8. MS17-013: Security Update for Microsoft Graphics Component (4013075)
   Impact: Remote Code Execution. Restart: Yes. Publicly disclosed: No. Exploited: Yes. Severity: Critical. CVSS: 8.4. Recommended high priority: Yes.
   This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

9. MS17-014: Security Update for Microsoft Office (4013241)
   Impact: Remote Code Execution. Restart: Maybe. Publicly disclosed: Yes. Exploited: No. Severity: Important. CVSS: 7.8. Recommended high priority: No.
   This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

10. MS17-015: Security Update for Microsoft Exchange Server (4013242)
   Impact: Remote Code Execution. Restart: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 5.4. Recommended high priority: No.
   This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

11. MS17-016: Security Update for Windows IIS (4013074)
   Impact: Elevation of Privilege (cross-site scripting). Restart: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 6.1. Recommended high priority: No.
   This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

12. MS17-017: Security Update for Windows Kernel (4013081)
   Impact: Elevation of Privilege. Restart: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Important. CVSS: 7.8. Recommended high priority: No.
   This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.

13. MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083)
   Impact: Elevation of Privilege. Restart: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 7.8. Recommended high priority: No.
   This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

14. MS17-019: Security Update for Active Directory Federation Services (4010320)
   Impact: Information Disclosure. Restart: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 4.3. Recommended high priority: No.
   This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.

15. MS17-020: Security Update for Windows DVD Maker (3208223)
   Impact: Information Disclosure. Restart: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 2.8. Recommended high priority: No.
   This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.

16. MS17-021: Security Update for Windows DirectShow (4010318)
   Impact: Information Disclosure. Restart: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 3.3. Recommended high priority: No.
   This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

17. MS17-022: Security Update for Microsoft XML Core Services (4010321)
   Impact: Information Disclosure. Restart: Yes. Publicly disclosed: No. Exploited: Yes. Severity: Important. CVSS: 3.5. Recommended high priority: No.
   This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

18. MS17-023: Security Update for Adobe Flash Player (4014329)
   Impact: Remote Code Execution. Restart: Yes. Publicly disclosed: N/A. Exploited: N/A. Severity: Critical. CVSS: not given. Recommended high priority: Yes.
   This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.


February Patch Tuesday: No Love From Microsoft

Categories: Patch Management, Patch Tuesday