Linux Patch Management


FreakOut Botnet Freaking Out Linux Administrators

By News

A highly-sophisticated botnet known as FreakOut is targeting applications running on Linux operating systems — immediate patching is required.

FreakOut Botnet Exploiting Linux Vulnerabilities

A highly sophisticated botnet known as FreakOut is targeting applications running on Linux operating systems, and the affected applications require immediate patching. Initial reports indicate that it is primarily impacting Linux systems which have not been patched.

During a weaponized attack, the infected Linux device calls back to a remote command-and-control system and becomes a bot under the attacker's control; the attacker then has full access to the victim and can deliver ransomware or perform data theft.

Syxscore Risk Alert

The following vulnerabilities have been identified as important to remediate in order to reduce the risk of the botnet becoming weaponized in your environment; we recommend deploying the fix for at least one, and preferably all three, wherever they are detected on your systems.

1. CVE-2020-28188 – RCE in TerraMaster management panel (disclosed on December 24, 2020)

CVSS Score: Critical 9.8 (Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged)

2. CVE-2021-3007 – Deserialization bug in the Zend Framework (disclosed on January 3, 2021)

CVSS Score: Critical 9.8 (Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged)

3. CVE-2020-7961 – Deserialization bug in the Liferay Portal (disclosed on March 20, 2020)

CVSS Score: Critical 9.8 (Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged)

All three are remotely exploitable over the network with no privileges or user interaction, which is why an unpatched, internet-facing instance is an easy recruit for the botnet.

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

The Best Way to Patch Linux OS

By Patch Management

Linux is generally considered a more reliable OS to apply updates to, but not patching will expose your environment just like any other operating system.

How to Patch Linux

If you ever visit a Patch Tuesday article, you will often find comments about using Linux because of its reliability and lack of updates. This is often a huge misconception in the Linux community. Each Linux OS is different and some of the examples below show updates that are needed only a week after the servers were last fully patched.

Installing individual updates for Linux is relatively easy, but it requires you to know the name of the update you want to install.

The following process takes some time because it is driven from the command line. We recommend you learn the basics of "bash" (Bourne Again Shell), the default shell on most Linux distributions, since it will greatly help your understanding of the process.

Both experts and the community are correct that the updates are more reliable with almost no Blue / Black Screen of Death (BSOD), but that doesn’t mean Linux doesn’t need to be updated.

Getting Started

  1. Establish a secure remote console to the server over SSH, e.g. with PuTTY (plain Telnet sends credentials unencrypted and should not be used for this)
  2. Run the following command line: apt list --upgradable | grep "-security"

Understanding the resulting output is essential, as each line records the package name, the version it upgrades to and the version currently installed. For example, the output includes the following line:

apparmor/xenial-updates,xenial-security 2.10.95-0ubuntu2.11 amd64 [upgradable from: 2.10.95-0ubuntu2.10]

Legend

Name of package: apparmor (followed, after the slash, by the suites offering the update: xenial-updates and xenial-security)

Version of the upgraded package: 2.10.95-0ubuntu2.11

Installed version of package: 2.10.95-0ubuntu2.10

Where is the Severity and Update Description?

If you are used to Microsoft Windows Update (WSUS), you will notice that the output of the script only produces the name of the missing update package. In fact, unless you search for the package name on the specific Linux OS website, you will never know which updates are more important than others, or what the package is actually fixing.

Many industry experts believe this knowledge is essential when choosing which to prioritize, especially since many don’t have the time to install packages which are actually not security-related or very low in severity.

On the other hand, how would a Linux administrator know which package fixes a zero-day vulnerability or is absolutely essential to apply? Let's continue with the install process:

  1. Identify the update(s) you wish to install (copy and paste is really useful)
  2. Run the following command line: sudo apt-get install <package name>=<version>
     For example: sudo apt-get install apparmor=2.10.95-0ubuntu2.11

Security Privileges

Because you are making changes to the system, your account must have sudo privileges, e.g. a supervisor account. Also pay attention to the spaces above, as the command line needs to be exact in order to be passed correctly to the shell.

If you wish to install many updates at the same time, separate each package=version pair with a space and paste the next update onto the same line.

If you want to update a package to the latest version, and not necessarily the version which has been detected, you can omit the version. However, this is not recommended or considered best practice, because you lose the ability to test specific versions of packages on your servers before they are deployed.

For example: sudo apt-get install apparmor

By default, Linux packages are installed without a reboot. Note that a new kernel (and some low-level libraries) only takes effect after the system is restarted, so plan a reboot for those updates.
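The listing and pinned-install steps above, worked as one script. This is an added example and is not code from the original post or from Syxsense: it parses `apt list --upgradable` output (a constructed sample embedded in the script, in the same format as the apparmor line above), keeps only packages offered from a -security suite, and emits the exact `sudo apt-get install <package>=<version>` command for each, so the version you install is the one you reviewed rather than whatever is newest at install time. Nothing is installed; the script only prints the commands.

```shell
#!/usr/bin/env bash
# Added example: turn `apt list --upgradable` output into pinned apt-get install commands.
# Uses only awk/wc/tr so it runs on any Debian/Ubuntu host; no package is installed.
set -eu

# Constructed sample of `apt list --upgradable` output (not captured from a real host).
# On a live system replace this with:  apt list --upgradable 2>/dev/null
SAMPLE_APT_LIST='Listing... Done
apparmor/xenial-updates,xenial-security 2.10.95-0ubuntu2.11 amd64 [upgradable from: 2.10.95-0ubuntu2.10]
libssl1.0.0/xenial-updates,xenial-security 1.0.2g-1ubuntu4.20 amd64 [upgradable from: 1.0.2g-1ubuntu4.19]
vim/xenial-updates 2:7.4.1689-3ubuntu1.5 amd64 [upgradable from: 2:7.4.1689-3ubuntu1.4]'

# parse_upgradable: reads apt list output on stdin and writes one tab-separated record per
# package: name, version it upgrades to, installed version, suites offering the update.
parse_upgradable() {
  awk '
    /\[upgradable from:/ {
      split($1, a, "/")                 # $1 is "name/suite1,suite2"
      old = $NF; sub(/\]$/, "", old)    # last field is "installed-version]"
      printf "%s\t%s\t%s\t%s\n", a[1], $2, old, a[2]
    }'
}

# security_only: keep records whose suite list contains a -security pocket
# (the same filter as grep "-security", applied to the parsed suite field).
security_only() {
  awk -F'\t' '$4 ~ /-security/'
}

# pinned_install_cmds: one exact, version-pinned install command per record.
pinned_install_cmds() {
  awk -F'\t' '{ printf "sudo apt-get install %s=%s\n", $1, $2 }'
}

# Helpers that return single values so the behaviour can be checked.
count_security_updates() {
  printf '%s\n' "$SAMPLE_APT_LIST" | parse_upgradable | security_only | wc -l | tr -d ' '
}

first_pinned_cmd() {
  printf '%s\n' "$SAMPLE_APT_LIST" | parse_upgradable | security_only | pinned_install_cmds | head -n 1
}

installed_version_of() {   # $1 = package name; prints its currently installed version
  printf '%s\n' "$SAMPLE_APT_LIST" | parse_upgradable | awk -F'\t' -v p="$1" '$1 == p { print $3 }'
}

main() {
  echo "Security updates pending: $(count_security_updates)"
  printf '%s\n' "$SAMPLE_APT_LIST" | parse_upgradable | security_only | pinned_install_cmds
}

main
```

Review the printed commands, then run them (or paste the whole set onto one line, space-separated) once you have confirmed the versions against your test environment; the vim record is deliberately excluded because it comes only from the -updates suite.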

Linux is generally considered a more reliable OS to apply updates to, but even so, the lack of patching will expose your environment just like any other operating system.

Patching Linux OS with Syxsense

Syxsense offers many automation benefits over the manual patching methodology above. With the discovery process, all Linux devices can be detected and inventoried. Our Patch Manager displays the missing packages just like the scripts above, but includes additional information that is important to IT managers, such as the description, the vendor severity, and the independent CVSS score, the current standard for vulnerability severity assessment.

Identifying zero-day updates is made easy by the color coding of the interface. The scheduler used to deploy the updated packages allows flexible timing and reboot behavior to be set with ease. Enable your Linux administrators to use their resources more efficiently by allowing them to automate and report on the patching of your Linux environment.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.


Who Are the Worst Vendors of 2019?

By News, Patch Management

From the highest number of software updates to highest number of critical vulnerabilities, find out which vendors are the worst offenders.

2019 has brought serious threats causing massive disruption and data theft. Which vendor has released the most software updates and fixes in 2019, and of these, which updates are the most critical? Let’s find out!

The top 20 vendors look like this for 2019—this means Microsoft has released the most patches to fix a vulnerability of any severity out of the most popular software vendors.

Let’s see how the top 10 from this list compare when we deep dive into the severity of the vulnerabilities fixed. For simplicity, we will base our statistics on the CVSS Score.

What is a CVSS Score?

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help properly assess and prioritize their vulnerability management processes.

We can see that Microsoft has released a total of 6330 patches so far this year, with 2143 of these patches resolving a vulnerability with a CVSS score of 9 or higher. Just behind Microsoft in second place is Adobe, which has released 2052 updates.

Let’s take a look at how the most serious vulnerabilities impact the original ranking. We can see from the table below that the top 5 vendors have made significant movements and some are unexpected, e.g. IBM has moved out of the top 5 and Adobe has moved into the top 5.

Who’s the worst?

To continue this trend analysis review and to find out who has fixed the highest number of critical vulnerabilities, let’s compare the percentage of those threats against the total number of patches they have released this year.

We can do this by dividing the number of vulnerabilities with a CVSS score of 9 or higher by the total number of patches released, then multiplying by 100 to get a percentage. The following table shows the new ranking of the vendors against the original ranking.

Robert Brown, Director of Services said, “What is really surprising is that a third party vendor to Microsoft has fixed more high priority vulnerabilities than them. If you do not have a strategy to include third party updates believing that only Microsoft needs to be patched, I hope this table convinces you to implement a different, more inclusive process. Not only that, some of these third party vendors like Oracle and Cisco are less likely to appear in a patching strategy which would expose a lot of your estate. Lastly, the toolset you use to patch your environment should be flexible to include other non-Windows operating systems like RedHat and Suse.”

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Most Linux Builds Need an Immediate Patch

By News, Patch Management

An Attacker Could Take Over Impacted Systems With 3 Commands or Less

A security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora.

The flaw, tracked as CVE-2018-14665, was introduced in X.Org server 1.19.0 package that remained undetected for almost two years and could have been exploited by a local attacker on the terminal or via SSH to elevate their privileges on a target system.

The X.Org Foundation has now released X.Org Server version 1.20.3 with security patches to address the issue, while popular distributions such as OpenBSD, Debian, Ubuntu, CentOS, Red Hat, and Fedora have published advisories confirming the issue and are working on their patch updates.

All Linux vendors are recommending that customers update their operating systems as quickly as possible. Patches addressing the vulnerability are available from the OS vendors and are now available in Syxsense for immediate deployment.

Our discovery scan will identify every device with an IP address connected to your networks, including Linux devices.

Then, thanks to a comprehensive collection of inventory information, you can easily filter the device view and see which Linux devices need the required updates.

Within minutes you will have identified vulnerable devices and started a strategic remediation. Start a free trial of Syxsense and patch your Linux devices.
