Skip to main content



How Not to Get Phished

By BlogNo Comments

Phishing remains one of the most popular avenues of attack by cybercriminals. Yes, zero-day exploits sometimes help them to strike gold. But the bread-and-butter front-line troops of cybercriminal gangs are phish-ers of men and women.

It is rumored that in some regions these scammers work in office buildings , much like regular employees in the work-a-day world. They clock in at 9 am, enjoy the office banter, gather round the water cooler, maybe even get some employee benefits, and clock out at 5 PM. The only difference is their job descriptions revolve around phishing and hacking. Some devise campaigns while others are involved in areas such as researching phishing success, finding the best potential targets, composing new subject lines for emails, inserting malware into attachments and URLs, setting up fake websites, cold calling people, sending text scams, and trawling through social media to glean valuable data on high-value targets. This could be characterized as the ugly stepchild of modern marketing. They work hard to trick you. Some are really good at it.

Hot Phishing Subject Lines to Watch Out For

The latest report on phishing from security awareness training vendor KnowBe4 lays out the top email subjects clicked by users in the simulated phishing tests they conduct, the top attack vectors, and popular phishing email tactics.

Bottom line: Phishing via email continues to be one of the most common and effective methods to maliciously impact users and networks. The report lays out the ways in which cybercriminals constantly refine their strategies and how this helps them to keep outsmarting end users. They regularly review the click rates of their email subject lines. If the numbers dip sharply, they change the campaign or the topic. They are always looking at the headlines for something that will grab user attention to lead to an inadvertent click.

Most recently, phishers have focused on business-related email subjects as being the most fruitful. That’s why you are seeing so many fake messages about HR, IT, management issues, as well as subject lines about web services such as Google and Amazon. A big surprise in this year’s KnowBe4 report is that nearly 50% of email subjects were about HR matters. The rest were primarily on career development, IT issues, and notifications about work projects.

Users have grown accustomed to receiving regular emails from HR to do this or that, comply to X, or complete Y by end of week. Scammers know this. They send genuine-looking emails about fake HR subjects (and sometimes they even hack into corporate email systems and send these phishing emails from an actual HR user account). Users tend to open these emails and a good number click on the attachments or links. This either directly infects their systems, or fools them into entering login and other personal details.

What Users Need to Do to Minimize Phishing Impact

Here are some of the following steps to avoid falling prey to phishing scams:

  1. Institute regular security awareness training to keep users up to speed on the latest tactics used by scammers
  2. Simulate phishing attacks to measure user tendency to click on malicious links and attachments.
  3. Conduct regular scans of all endpoints on the network to locate vulnerabilities, weak points, unpatched systems, and misconfigurations.
  4. Deploy an automated patch management system to ensure all endpoints are properly patched.

Syxsense Enterprise delivers real-time vulnerability monitoring, automated patch management, instant remediation for all endpoints, IT management, Mobile Device Management (MDM), and zero trust capabilities across your entire environment. Breaches can now be detected and remediated within one endpoint solution. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It automatically prioritizes and deploys OS and third-party patches to all major operating systems, as well as Windows feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.

For more information, visit:

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Education Sector Remains a Major Target for Ransomware Attacks

By BlogNo Comments

The education sector has been in the crosshairs of cybercriminals for years. If anything, it is getting worse. According to a study by Comparitech, almost 1000 schools were affected by ransomware in 2021, impacting about a million students. Total price tag? The estimates of the cost to education institutions is around $3.5 billion in downtime alone, not to mention the ransomware payments themselves.

In many cases, the ransom is paid. Otherwise, schools and colleges face days or weeks of shutdowns, often at critical periods such as during exam or enrollment for the new year. In some cases, these attacks are fatal. Lincoln College, attacked in late 2021 has now permanently closed its doors due to fallout from the attack that led to a lack of enrollments. To make matters worse, the college paid the ransom.

Ransomware payouts from educational institutions vary widely. They range from $100,000 to as much as $40 million. Hackers typically do their homework in advance and have become skilled in knowing the means of the institution and the business impact of being shut out of systems. They set their ransoms accordingly.

Further tactics include double-extortion attempts: hackers encrypt systems and demand a fee to hand over the encryption key. But they also threaten to post sensitive data online. This double-whammy kind of treatment has been meted out to the likes of Broward County Public Schools, Clover Park School District, Somerset Independent School District, Union Community School District, and the Affton School District. Top targets include New York, Texas, Florida, and Arizona.    

Vice Society

The most recent headlines about school cybercrime have centered around a threat group known as Vice Society. It specifically goes after K-12 school systems. It successfully breached the LA County Unified School District (LAUSD) in September 2022. Timed to disrupt the district at the beginning of the academic year, hackers hoped to extort funds due to around 640,000 students being impacted by the ransom attack.

Vice Society targets schools as they are thought to be relatively soft targets. As well as being more likely to pay a ransom due to possessing a strong desire to serve their students, they are also not known to have strong security.

At LAUSD, Vice Society exfiltrated 500 GBs of personal information. They asked for a ransom and threatened to leak sensitive personal data to the public. In this case, the school district decided not to pay up. They reasoned a) there was no guarantee hackers wouldn’t end up leaking the data and b) the money could be put to better use by funding student needs.

That is part of a growing trend. While some organizations continue to pay ransoms, a many others are now refusing to do so.

Schools Need Help

Educational institutions have been late to the cybersecurity party as their focus is always on attending to the needs of their students. But recent events have forced them to pay more attention to security. However, it is not their core competency.

Thus, schools are encouraged to seek outside help in combating cybercrime. Vendor-based Software-as-a-Service (SaaS) security offerings are widely available. Alternatively, managed security service providers (MSSPs) can provide robust security safeguards that combat ransomware, safeguard systems, and free up the IT departments within educational bodies to focus on tools and systems that serve an educational purpose.

Syxsense Enterprise offers the educational sector real-time vulnerability monitoring, automated patch management, instant remediation, and IT management across all endpoints on one console. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. In addition, it can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 and 11 feature updates. It offers peace of mind for any and all desktops, laptops, servers, virtual machines, and mobile devices. Syxsense Enterprise is also available to MSPs via our MSP Partner Program.

For more information, visit:

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Managing the Endpoint Vulnerability Gap: Key Findings

By Endpoint SecurityNo Comments

Syxsense is pleased to be a sponsor of Enterprise Strategy Group’s latest survey on the Endpoint Management Vulnerability Gap. Respondents of this survey included IT and cybersecurity professionals involved with endpoint management and security technologies and processes. These professionals work for companies with 100 employees or more and cover a variety of industries.

The objectives of this research are to:

  • Identify challenges, strategies and trends in endpoint management and security
  • Determine if and how endpoint management and security functions and systems are converging
  • Highlight opportunities for improving endpoint management and security fueled by functional convergence

Fill out the form below to get your copy of the eBook.

Password Managers: To Use or Not to Use

By BlogNo Comments

A series of recent incidents has led to debate concerning the value of password managers.

  • PayPal sent out breach notifications to thousands of users that had their accounts accessed through credential stuffing attacks that exposed some personal data. Some linked the attack to password reuse across systems. As many people use the same password on multiple accounts, they run the risk of their accounts being breached by bad actors who compromise one account and use that same password to enter other systems used by the user.
  • Credential stuffing attacks are becoming more common. Attackers use bots to attempt thousands of logins a second.
  • The popular password manager LastPass has been hacked multiple times over the past year or two. This has people wondering whether they should use such a tool or not.

So, should you use a password manager or not? The short answer is yes, they need to be used. Why? According to KnowBe4, the average user accesses more than 170 different sites and services. Each one needs a password. This number may seem excessive. But take a moment to add it all up. Every bank account, all the work-related sites, social media, Amazon and other cloud services, travel sites, hotel sites, and on and on. (I added mine up and came up with over 200 logins). That’s part of the problem. What do users typically do to cope with this ridiculous number of passwords? They reuse passwords over and over and that opens the door to more widespread breaches.

When security policies are implemented forcefully concerning passwords, users are forced to change them every quarter, and in recent times have had to move from 6 characters to eight to ten or more. They have also been required to add capitals, numbers, and symbols. What is the user response? The average person without a password manager has less than 10 passwords (or password patterns) that they use across all the sites they deal with.

To make matters worse, many of these passwords are relatively weak. They can be broken quickly using brute force techniques. The consequence? If a hacker breaks one password, they can try it in many other places. Perhaps they only compromise Facebook at first. From there, however, they can try bank account logins using the person’s email and preferred password. They often strike gold. Crypto accounts, Amazon, and work accounts are also exposed to attack.

Password Manager Failings

Password managers, then, should be used. They provide strong, random passwords that are different for every site or service. Unlike eight-character passwords that can be cracked via brute force in short order, these passwords are unguessable by any known technology. But as the LastPass hacks made clear, password managers are not infallible. Those that store your passwords in the cloud are especially susceptible to attack. Those that store them locally are better such as on a device where you use your password manager. Yet there remains a single point of failure on that local machine. If the bad guys gain access to it, they can get inside the password manager if the user leaves it unlocked. That allows them to see stored passwords and export them. Users are advised to configure password managers to automatically lock after a very short time.

Keyloggers can also be employed to steal the master password used to access any password manager. A good way around it is to require multi-factor authentication to unlock the password manager, such as receiving a text to your phone.

And like any software or system, password managers contain software vulnerabilities. They can be used by attackers to access or exploit password managers, sometimes even when they are locked. Vendors issue patches to fix these exploitable bugs.

Lack of encryption can be another weakness. Choose password managers that use strong encryption of stored passwords, logon names, URLs, and other sensitive data.

There are many other ways that hacking can occur. But like any other online system, the basics still apply:

1. Use a reputable password manager that applies the safeguards noted above.

2. Include multifactor authentication as part of the login process.

3. Update all password managers with the latest fixes and patches to keep them secure.

4. Include password managers in vulnerability scans to ensure no weaknesses are left undiscovered.

5. Keep systems in general fully patched and up to date. Password managers employ browser extensions and interface with other systems. Those other systems and extensions need to be patched, too.

Syxsense automates the process of installing patches, performing vulnerability scans, and remediating any issues found.

For more information, visit:

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Who is Being Victimized by Cyber – Crime? And Should You Be Worried?

By BlogNo Comments

There is so much news about cybercrime that you might get the idea that it is happening to everyone everywhere – to all organizations of all sizes and across all industries. Certainly, there is some truth to the statement that all are at risk. But it remains a generality.

Orange Cyberdefense’s Security Navigator 2023 report makes it clear that specific industries, company sizes, and architectures are far more likely to be targeted and breached than others. So, should you be worried? Let’s take a closer look at the areas that pose the most risk, and the targets cybercriminals are most likely to go after.

Most Likely to Be Victimized

The report delivered insights from around 100,000 incidents worldwide. Here are the major findings:

  • Asia and Europe are surging as hot cyber-extortion destinations, but North America remains a key target. From 2021 to 2022, an increase was observed in the number of victims from Europe (+18%) the UK (+21%), East Asia (+44), and especially the Nordic countries (+138%). North America, too, remains heavily attacked, but a little less so than before. 2022 showed the USA down by 8% and Canada by as much as 32%. 
  • Small businesses are under the gun. The study found that 4.5x more small businesses fell victim to cyber extortion than medium and large businesses combined. This indicates a clear shift in tactics by cybercriminals as they have noted the lax defenses that often exist in the SMB sector. That said, large businesses can’t rest easy. In terms of sheer volume of attacks, they suffered by far the most attacks, and were also the most heavily impacted when they did get breached.
  • The manufacturing sector is in danger. The report found that manufacturers were the most likely to fall victim to cyber-extortion. It attributed this fact to poor IT vulnerability management among large manufacturers and the fact that they often rely on legacy infrastructure. As a result, they possess a lot of non-IT operational technology (OT) systems that are rarely as well secured as IT infrastructure.
  • Malware was the most prominent attack vector, appearing in 40% of all incidents processed. Network and application anomalies were the second highest incident type but dropped in frequency from 22% down to 19%.
  • 47% of all security incidents detected originated from internal actors. Whether deliberate or accidental, insider threats are growing. As well as from sheer malice, this can be due to misconfiguration, unpatched systems, or other errors made within companies.
  • Criminal groups are evolving fast. From the top 20 actors list observed in 2021, 14 are no longer in the top 20 of 2022. After Conti disbanded in Q2 2022, Lockbit2 and Lockbit3 become the biggest cyber extortion actors in 2022 with over 900 victims combined.

How to Avoid Becoming a Victim

The report laid out a series of key steps that organizations can take to ensure they do not land on the naughty list (also known as the cybersecurity victims list):

  • Implement multifactor authentication (MFA) on authentication interfaces
  • Frequently backup business-critical assets and complement this with offline backups.
  • Test the integrity of these backups regularly by restoring critical functions.
  • Implement or upgrade endpoint protection and anti-malware systems.
  • Install defenses against Distributed Denial of Service (DDoS) attacks.
  • Configure firewalls and other perimeter equipment to allow only the minimum of outbound traffic to the internet.
  • Monitor outbound traffic closely for anomalies. 
  • Identify trust boundaries and implement tight controls for services and users that want to cross into those zones. Least privilege and Zero Trust concepts can also apply here as well as network segmentation. 
  • Identify and patch any internet-facing technologies, especially Remote Access like VNC and Microsoft RDP, Secure Remote Access like VPNs, and other security technologies like firewalls.
  • Continuous vulnerability management
  • Prioritize patches based on whether vulnerabilities have known working exploits. This is applicable to infrastructure as well as end-user software or devices. Internet-facing services with known vulnerabilities must be patched.

Syxsense Enterprise takes care of the last three points while providing a Zero Trust framework. It offers automated patch testing, deployment, and prioritization, as well as continuous vulnerability scanning, mobile device management (MDM), IT management, and automated remediation.

For more information, visit:

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Sloppy CVE Handling Could Mean its Time to Update Your CV – Unless you Bring in an MSP

By BlogNo Comments

There are hundreds of Common Vulnerabilities and Exposures (CVEs) in existence, some more serious than others. All need attention, yet many organizations have gotten sloppy about how they take care of CVEs. Some take months to deploy urgent patches as covered in CVEs. Sometimes in can take years. In a few cases, there are CVEs unresolved in organizations that are more than a decade old.

Those in IT and cybersecurity that are guilty of ignoring or taking far too long to remediate CVEs are advised to either update their CVs and resumes and start sending them out – or bring in an MSP that can completely take care of patch management and vulnerability management. It’s the easy way to ensure no CVEs are unaddressed anywhere in IT systems.

CVEs in Neglect

Let’s take a look at some of the important CVEs that are largely neglected in many organizations. These are only a few examples out of many that could be lurking:

CVE-2018-13379 FortiGate VPNs: The CVE title includes the year of release. This one from 2018 is still being exploited despite regular alerts being issued about it.  Advanced Persistent Threat (APTs) groups continue to use it in attacks. It is such a severe risk that anyone using this VPN without the patch deployed should assume they are now compromised and to begin incident management procedures. Remediation steps include removing these VPNs from service, returning them to factory default settings, reconfiguring them, installing all patches, and once done, returning them to service. An upgrade to the latest FortiOS version is also recommended. Further action indicated is to scan all hosts and networks that are in any way connected to the VPN to look carefully for any signs of malicious activity.

There are also several high-priority patches from 2019 that are often unpatched in enterprise systems:

CVE-2019-19781 about Citrix NetScaler from 2019 has been used to compromise, among others, an Australian defense database.

CVE-2019-11510 relates to Pulse Secure Connect. It can result in arbitrary file disclosure and leaks of admin credentials. This one has been used in attacks via VPNs and by nation-state actors.

CVE-2019-3396 for Atlassian Confluence is a remote code execution bug.

CVE-2020-0688 for Microsoft Exchange. Dating back to early 2020, it leaves server data unencrypted and open to attack. Nearing its third anniversary, it remains a potent vulnerability for the bad guys to exploit.

This is just a partial list. Others that are deemed serious from 2019 include CVEs related to a Cisco router, Oracle WebLogic Server, Kibana, Zimbra software, the Exim Simple Mail Transfer Protocol. When you factor in the CVEs from 2020, 2021, and 2020, the list is very long indeed.

Watch Your Back

Anyone with vulnerabilities and CVEs unpatched dating back more than a couple of months in 2022 should watch their back as they are open to charge of neglecting their cybersecurity duties. Anyone with un-remediated CVEs from 2021, 2020, 2019, or even as far back as 2018 as in the case of FortiGate VPN, could well be soon looking for a new job. They better dig out their CV and get it updated fast.

Before the axe falls, a smart move would be to draft in help from an MSP to help eliminate these vulnerabilities, institute vulnerability management and attack readiness processes, and fully patch all applications, operating systems, and endpoints including mobile devices.

Syxsense offers managed security services for patch management, vulnerability management, and remediation. These services provide real-time, 24-hour security coverage. Syxsense also offers an MSP/MSSP program with a world-class platform. Both are built on the foundation of Syxsense Enterprise, an automated patch management, vulnerability scanning, mobile device management (MDM) and IT management platform. It detects outdated patches and threats in real time and can be used to implement updates before bad actors can take advantage of exploits. Syxsense Enterprise incorporates Zero Trust practices and includes features such as patch supersedence, patch roll back, and a wealth of automation and configuration features. In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.

For more information, visit:

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Syxsense Releases White-Label Branding for MSPs, MSSPs and Large Enterprises

By Press ReleaseNo Comments

Syxsense Announces White Label Branding for MSPs, MSSPs and Large Enterprises

Syxsense has announced the official release of white-label console branding for MSP, MSSPs and large enterprises.

Syxsense Further Enhances Support for MSP, MSSP and Large Enterprises

Syxsense, a global leader in the intelligent automation of IT, patch management, security vulnerability scanning and remediation, today announced the release of White Label console branding for MSP, MSSPs and large enterprises.

Building and maintaining brand identity increases revenue and customer awareness. Syxsense now offers the ability to replace and customize logos, labels, and website links in the Syxsense console.

Experience the Benefits

MSP and MSSPs looking to augment their managed service with new functionality can do so without incurring the cost of building a solution from scratch, all while presenting the functionality as a natural extension of their existing offerings. Syxsense increases recurring revenue by automating IT, offering comprehensive patch management, and full security vulnerability scanning and remediation.

In addition to consistent corporate branding and logos, white label users can easily customize the Syxsense reusable dashboards to present exactly the information and results most important to clients or employees. Built on a native cloud infrastructure, the new customizations to the browser-based UI easily integrate into corporate workflows. Reusable elements like reoccurring patching maintenance windows and Syxsense Cortex Workflows quickly empower MSPs and MSSPs to deliver on the promise of a secure, well managed IT environment.

The White Label option is included with Syxsense Manage and Syxsense Secure at no additional cost. Syxsense is offering free, fully-featured trials for up to 100 devices for 14 days. More information on the software and trial can be found here.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

February Patch Tuesday: No Love From Microsoft

By Patch Management, Patch TuesdayNo Comments

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]

The Best of 2016: Our Year in Review

By NewsNo Comments
[vc_single_image source=”featured_image” img_size=”medium”]

Our Year In Review

2016 was a big year for Syxsense. As a company, we are constantly growing, adding new features and always focused on our customers.

IT systems management is frequently changing and it’s crucial to keep up with the latest news, strategies and updates. Every month, we share the latest Microsoft and third-party patches, explaining which to prioritize and how to implement the most effective patch strategy.

With plenty of changes on the way for 2017, be sure to stay on top of patching and IT systems management in the new year. Even when other tasks fill up your to-do-list and seem more important, prioritizing patching is the best New Year’s resolution for any IT manager. Explore the highlights and some of our favorite content from the past year.

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START FREE TRIAL[/dt_default_button]

MSPs Need A Simple Systems Management Tool

By Managed Service Providers, NewsNo Comments

It would be easy to switch off when people start talking about cloud. The subject is not only worn out, but is one that means so many different things to so many people. As a result of that jaded confusion, there is a danger that some of the potential opportunities cloud presents could be missed.

MicroScope garnered opinions from across the channel about what cloud technology could offer resellers this year and where efforts would be best placed for those looking to grow their businesses. The good news is that there are plenty of suggestions, and with Microsoft Windows Server 2003 support ending in July, it is a good time to encourage those running on traditional setups to look at a hosted alternative.

Management of Systems
Ashley Leonard, president and CEO at Verismic, says the channel community, particularly managed service providers (MSPs), need to arm themselves with a simple, cloud-based systems management tool.

“PCs and laptops are not going away, despite the rush to adopt tablets and smart devices. PCs and laptops need managing, monitoring, patching and licensing. Windows 10 will likely create a flurry of upgrade work, application compatibility testing and roll-out,” he says.

“MSPs need a systems management tool that combines the cloud with agentless end-device setup, so they don’t need to deploy and maintain another piece of software at every customer site and on every PC,” he says.

Read the full article at

[vc_single_image image=”3339″ img_size=”full” alignment=”center”]