DDoS Eclipses Ransomware as a Major Threat


A recent Threat Pulse report from NCC Group found that, of the Distributed Denial of Service (DDoS) incidents it recorded between January and September 2022, the largest monthly count fell in September: 2,090 attacks, up 14%. Ransomware attacks, by contrast, were down 7% from the previous month, with LockBit 3.0 (30%), Black Basta (13.3%), and BlackCat (12.8%) remaining the most prevalent groups. LockBit has been the most active group in every month of the year.

Within the ransomware figures, every sector saw a high volume of attacks, but Industrials (34%) was the most attacked vertical, followed by Consumer Cyclicals (18%), Healthcare (10%), and Technology (8.5%). The geographical distribution held no surprises: North America suffered 84 attacks (45%), making it the most targeted region, followed by Europe (27%) and Asia (14%).

Interestingly, ransomware attacks overall were 50% lower than a year before. It therefore seems likely that 2021 will remain the highest year on record, unless there is an unprecedented upsurge in ransomware to end the year.

Shift of Tactics  

Make no mistake: ransomware remains a potent threat. But stepped-up law enforcement efforts, better international legal collaboration, and organizations deploying a raft of ransomware protection measures have probably combined to lessen its impact.

The bad guys may be criminals, but they are not fools. They know what is going on, and they have adjusted their tactics by increasing the volume of DDoS and launching more targeted ransomware campaigns. More than likely, 2021 was a freak year. Because of the success of ransomware in 2020, just about every cybercriminal gang decided to get in on the act, and entire cybercrime supply chains formed to facilitate it. Lots of little outfits would probe enterprises for weaknesses and collect a finder's fee for passing on the details of a ripe target; more organized groups would then execute the ransomware attack and seek to collect the funds. Ransomware as a Service emerged too: criminal developers built kits that could be sold to people with little or no computing experience, and took a cut of every successful extortion.

But the unprecedented funds raised through ransomware led to a glut in the market in 2021, hence the downturn in 2022. That doesn't mean ransomware will go away; it is expected to remain an important part of the cybercrime toolkit for some time to come. But stronger defences against it mean that the bad guys will also turn back to tried and tested means of breaking into enterprise IT systems.

They will scan networks looking for server, website, operating system (OS) and application vulnerabilities. They will scour the web for unpatched systems, and when they find them, they will exploit them relentlessly. Bad actors know that entries on the Common Vulnerabilities and Exposures (CVE) list remain weak spots in many organizations. Despite these threats being publicized broadly and patches and remediation steps being clearly laid out, a great many organizations fail to act. There are many cases on record of vulnerabilities remaining unremediated years after a patch was issued. The Log4j vulnerability (Log4Shell), for example, has been public for a year now, yet it is still being exploited. Similarly, Heartbleed, disclosed in 2014, can still be exploited in some businesses.

Syxsense Protection 

Syxsense Enterprise offers comprehensive vulnerability management, remediation, and patch management. It distributes patches with the click of a button without tying up bandwidth across the enterprise: software and patches are sent across the wire once and then distributed locally using peer-to-peer transfer within the network.

Further features include:  

  • Patch supersedence: vendors often roll older fixes into a current cumulative patch, so the newer patch supersedes the older ones. An organization deploying patches strictly in release order would leave the new patch at the end of the queue while it works through the old ones, even though the new patch is both higher priority and already contains those older fixes. Syxsense's supersedence handling deploys the superseding patch and skips the ones it replaces.
  • Patch roll back: the last thing you want is for an update to break other systems, which is why vendors and IT departments test patches before release. Despite those precautions, faulty patches still occasionally ship. Syxsense includes a roll-back feature that returns systems to the state that existed before the patch was applied.
  • Testing and release within three hours: attackers move fast, so there is no time to lose in installing patches. Within a few hours of a patch being released, Syxsense has tested it, validated it, and made it available for distribution.
  • Automation: with hundreds or thousands of endpoints to manage, manual patch distribution is too slow. Syxsense automates deployment so that critical patches are applied promptly, without writing scripts, hopping between screens, or manually pushing patches to each destination.
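To make the supersedence point concrete, here is an added example (not Syxsense code) that resolves a small patch catalogue into a deployment queue. The patch IDs, severities and supersedence links are constructed for illustration; a real catalogue would come from the vendor's update feed.

```python
"""Resolve patch supersedence before building a deployment queue.

Added example, not Syxsense code: given a vendor catalogue in which newer
patches declare which older ones they replace, compute the patches that must
be deployed and the ones that can be skipped. The patch IDs, severities and
supersedence links below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Patch:
    patch_id: str
    severity: int                                   # assumed scale: 4 = critical ... 1 = low
    supersedes: frozenset = field(default_factory=frozenset)


def _transitively_superseded(catalogue):
    """Every patch ID replaced, directly or indirectly, by some patch in the catalogue."""
    by_id = {p.patch_id: p for p in catalogue}

    def replaced_by(pid, seen):
        for old in by_id[pid].supersedes:
            if old not in seen:
                seen.add(old)
                if old in by_id:            # follow the chain only for patches we know about
                    replaced_by(old, seen)
        return seen

    covered = set()
    for pid in by_id:
        replaced_by(pid, covered)
    return covered


def resolve_supersedence(catalogue, installed=frozenset()):
    """Return (deploy, skip).

    deploy: patches not superseded by any other available patch and not already
            installed, ordered highest severity first (ties broken by ID).
    skip:   catalogue patches that are already installed or are covered by a
            newer patch, so deploying them would be wasted bandwidth and reboots.
    """
    by_id = {p.patch_id: p for p in catalogue}
    covered = _transitively_superseded(catalogue)
    installed = set(installed)
    deploy = [p for p in catalogue
              if p.patch_id not in covered and p.patch_id not in installed]
    deploy.sort(key=lambda p: (-p.severity, p.patch_id))
    skip = sorted((covered | installed) & set(by_id))
    return deploy, skip


# Constructed catalogue: KB-1003 is a cumulative update that rolls up KB-1002,
# which itself rolled up KB-1001; KB-3001 references a patch not in the feed.
CATALOGUE = [
    Patch("KB-1001", 2),
    Patch("KB-1002", 3, frozenset({"KB-1001"})),
    Patch("KB-1003", 4, frozenset({"KB-1002"})),
    Patch("KB-2001", 4),
    Patch("KB-3001", 1, frozenset({"KB-2999"})),
]


def deployment_queue(catalogue=CATALOGUE, installed=frozenset()):
    """Convenience wrapper returning just the ordered list of patch IDs to push."""
    deploy, _ = resolve_supersedence(catalogue, installed)
    return [p.patch_id for p in deploy]


if __name__ == "__main__":
    deploy, skip = resolve_supersedence(CATALOGUE)
    print("deploy:", [p.patch_id for p in deploy])   # KB-1003 first; KB-1001/KB-1002 skipped
    print("skip:  ", skip)
```

Deploying in release order would push KB-1001, then KB-1002, then KB-1003 to every endpoint; the resolver pushes only KB-1003 for that chain, and if KB-1003 is already installed it drops the whole chain from the queue.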

For more information, visit www.syxsense.com

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

The API Insecurity Challenge


Application Programming Interfaces (APIs) have become ubiquitous in IT, with estimates of more than 400 billion API calls per month. They let applications interact with one another and let systems connect to external services.

Think of the layers of the networking stack. It begins with the physical layer, and each layer above handles a different aspect of communication. APIs sit at the top, in the application layer, usually carrying requests and responses over HTTPS. They are the glue that binds software components together; in the cloud, they connect client and provider.

But popularity brings its own problems. Malware authors paid little attention to Apple platforms until the company's market share grew in the 2000s; before that, almost all viruses targeted Windows, which accounted for the overwhelming majority of PCs and laptops. Once a technology reaches a certain size or level of market penetration, cybercriminals take notice. In the case of APIs, something approaching half a trillion calls a month certainly warrants attention.

The State of API Security  

API security has not been a topic of lengthy conversation until recently. APIs were thought of as something happening in the background, a relatively minor aspect of the overall IT infrastructure, and because of that low profile they have not received the attention they deserve from developers where security is concerned.

In some ways, this mirrors the way applications used to be developed. Until quite recently, developers built their apps and security features or fixes were added after the fact. Only in the last few years, with rampant data breaches and ransomware, have we seen the rise of DevSecOps and similar movements that aim to make applications secure from the earliest stages of their creation. The goal is to bake security in rather than bolt it on later, once real-world use has exposed the vulnerabilities.

APIs have been late to the party. They have been neglected as a potential weak point in organizational defenses, and the bad guys are onto it.

APIs, after all, are what expose services to the outside world, and they can be compromised. Common problems include vulnerabilities in the APIs themselves, misconfiguration, lax access controls that let an API return data the caller should not see (object-level authorization failures and excessive data exposure), personally identifiable information (PII) leaking through API responses, and, in general, APIs receiving too little attention from security tooling. No wonder attackers have learned a range of ways to exploit insecure APIs to compromise systems or steal data.

 

Safeguarding APIs  

There are several steps organizations should take to safeguard the APIs they use:

  1. Add API security best practices to internal development efforts so you don't perpetuate the API insecurity challenge.
  2. Inventory all APIs in use. Because APIs touch nearly every aspect of IT operations, few organizations have a clear picture of the many ways their applications depend on them. A complete API inventory is needed; only with one is it possible to spot misconfigured, insecure, or unprotected APIs.
  3. Review how access controls apply to each API, inspecting API gateways and the microservices behind them, to determine whether any API reveals more than a caller is entitled to see.
  4. Ensure APIs are configured to prevent exposure of PII and thereby avoid violating the many privacy regulations that apply.
  5. Monitor how APIs are consumed to detect abnormal behavior or potential abuse.
  6. Adopt sensible general safeguards, such as mobile device management, patch management, and vulnerability management.
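The access-control and PII problems described above, and the consumption monitoring in step 5, are easier to see in code. The following is an added example, not part of the original post: a user-profile endpoint written once with the two classic flaws and once hardened, plus a small check over an access log. The user records, session tokens and log entries are constructed for illustration, and a real API would validate a signed token rather than look one up in a dictionary.

```python
"""A user-profile endpoint, vulnerable and hardened, plus an abuse check.

Added example, not from the original post. Written as plain functions rather
than a web framework so it runs offline; the user records, session tokens and
access log are constructed for illustration, and a real API would validate a
signed token instead of the SESSIONS lookup.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed backing store for /users/{id}. Note the fields that must never
# leave the server (ssn, password_hash) sit right next to the ones that may.
USERS = {
    101: {"id": 101, "name": "Ada", "email": "ada@example.com",
          "ssn": "123-45-6789", "password_hash": "$2b$12$(redacted)", "role": "user"},
    102: {"id": 102, "name": "Bob", "email": "bob@example.com",
          "ssn": "987-65-4321", "password_hash": "$2b$12$(redacted)", "role": "user"},
    900: {"id": 900, "name": "Ops", "email": "ops@example.com",
          "ssn": None, "password_hash": "$2b$12$(redacted)", "role": "support"},
}
SESSIONS = {"tok-ada": 101, "tok-bob": 102, "tok-ops": 900}   # constructed bearer tokens


@dataclass
class Response:
    status: int
    body: dict


def get_user_vulnerable(token, user_id):
    """Authenticates the caller, then hands back ANY user's raw record.

    Two of the most common API flaws in one handler: no object-level
    authorization (any logged-in user can read any other user by changing the
    id in the URL) and excessive data exposure (the whole database row, PII
    included, is serialised straight out).
    """
    if token not in SESSIONS:
        return Response(401, {"error": "unauthenticated"})
    record = USERS.get(user_id)
    if record is None:
        return Response(404, {"error": "not found"})
    return Response(200, dict(record))


# Response schemas: an explicit allow-list per relationship between caller and
# record. Anything not listed here (ssn, password_hash) cannot be returned.
OWNER_FIELDS = ("id", "name", "email")      # the user themself, or support staff
PUBLIC_FIELDS = ("id", "name")              # any other authenticated user


def get_user_hardened(token, user_id):
    """Same endpoint with object-level authorization and an output schema."""
    caller_id = SESSIONS.get(token)
    if caller_id is None:
        return Response(401, {"error": "unauthenticated"})
    record = USERS.get(user_id)
    if record is None:
        return Response(404, {"error": "not found"})
    is_owner = caller_id == user_id
    is_support = USERS[caller_id]["role"] == "support"
    fields = OWNER_FIELDS if (is_owner or is_support) else PUBLIC_FIELDS
    # Build the body from the allow-list, never from the record's own keys.
    return Response(200, {k: record[k] for k in fields})


def flag_enumeration(access_log, max_distinct_ids=5):
    """Consumption monitoring: tokens that walked through many different user
    ids in the log window, the signature of someone scraping the endpoint.

    access_log is a sequence of (token, user_id) pairs; returns offending tokens.
    """
    seen = defaultdict(set)
    for token, user_id in access_log:
        seen[token].add(user_id)
    return sorted(t for t, ids in seen.items() if len(ids) > max_distinct_ids)


# Constructed log: Ada reads her own profile twice, Bob sweeps ids 101..110.
ACCESS_LOG = [("tok-ada", 101), ("tok-ada", 101)] + [("tok-bob", i) for i in range(101, 111)]

if __name__ == "__main__":
    print(get_user_vulnerable("tok-bob", 101).body)   # leaks Ada's ssn and password hash
    print(get_user_hardened("tok-bob", 101).body)     # {'id': 101, 'name': 'Ada'}
    print(flag_enumeration(ACCESS_LOG))               # ['tok-bob']
```

The hardened handler changes two things: who may read a record is decided per object, not just per session, and what comes back is built from an allow-list of fields rather than from whatever the database row happens to contain. The enumeration check is the simplest form of the behavioural monitoring in step 5; a gateway would apply the same idea per token, per client IP, and per time window.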

Syxsense Enterprise delivers real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints. This represents the future of threat prevention as it brings everything needed for endpoint management and protection onto one console. Breaches can be detected and remediated within a single solution. Unusual activities originating from API insecurity can be spotted quickly and dealt with. The Syxsense platform can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices. 

For more information, visit www.syxsense.com


Cuba Ransomware: What is it?


Security is, in principle, always a conversation about trust. Do you trust the vendors providing your company with products and services? Every company should continually evaluate and re-evaluate that question as part of maintaining its security posture.

Microsoft is the latest example of a company extending trust that was then abused, through no major fault of its own. Beginning around August 2022, a small set of developer accounts in Microsoft's Windows Hardware Developer Program submitted drivers containing malicious code, which Microsoft then certified and signed. The drivers' purpose is to disable endpoint security software. With endpoint protection silenced, the attackers' payloads can move freely across the enterprise network, staging and then executing the encryption that locks up the contents of user devices, after which the victim is presented with a ransom demand. The ransomware involved is Cuba, named after the cybercrime group (which has no connection to the nation of Cuba) that distributes it.

Malicious drivers are traditionally classified as trojan horse attacks. A user has a problem with a computer, searches the internet for a fix, and clicks a link offering a download that promises to repair the malfunctioning driver. Once installed, that driver executes code that gives an attacker unapproved access to the device.

The Cuba operation is more sophisticated. Rather than relying on a user going outside the normal support channels, it abuses the trust most companies reasonably place in one of the world's largest software vendors: a driver carrying a valid Microsoft signature loads on a fully patched Windows system with driver signature enforcement turned on. Researchers also found earlier variants of the same driver family signed with code-signing certificates leaked in the Lapsus$ group's attack on Nvidia in February 2022.

For the full details, see CISA's Cybersecurity Advisory AA22-335A, #StopRansomware: Cuba Ransomware.

Why You Should Care 

In the context of the Cuba campaign, your company can do everything right and still be exposed, because the malicious drivers carry a genuine Microsoft signature: Windows, and the security tools that trust Microsoft-signed code, treat them as legitimate. Note that Microsoft's advisory states the drivers were not distributed through Windows Update; attackers who had already obtained administrative access loaded them as a post-exploitation step. The danger is that a control you rely on (driver signature enforcement) stops mattering once the attacker can present a trusted signature. This is why supply chain attacks are so powerful.

As of this writing, Microsoft has suspended the developer accounts involved and revoked the signatures on the drivers they submitted. Whether this campaign has touched your organization does not depend on whether you have updated drivers recently, since the drivers arrive with the attacker rather than through Windows Update; it depends on whether an intruder has had administrative access to any of your Windows hosts in recent months. Few organizations can rule that out definitively, so it is prudent to assume a non-trivial chance that one of the Cuba drivers is embedded somewhere in your environment, and to check.

To its credit, Microsoft has released Windows security updates that revoke the signatures on the affected driver files and has added detections for them to Microsoft Defender, which helps ensure they cannot load on patched devices in future. But in environments that have not yet applied those updates, or where the drivers are already loaded, the Cuba group retains a potentially viable foothold it can use to inflict severe damage.

And Cuba has been busy.  

According to the United States Cybersecurity and Infrastructure Security Agency (CISA), as of August 2022 the Cuba ransomware group had compromised 101 organizations, 65 of them in the United States, and had collected roughly $60 million in ransom payments from them.

How Syxsense can Help 

Syxsense can help keep your organization safe from this supply-chain attack in two ways. First, its vulnerability scanner can alert your team to possible Cuba-related compromise using indicator of compromise (IoC) detection. IoC detections are small scripts that examine configuration files, device driver versions and hashes, and other aspects of a device's operating system to see whether it matches a known state associated with the attack. Using these IoCs, your organization can determine whether the Cuba ransomware campaign is a live concern.
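To show what an IoC detection of this kind does, here is an added example that is not Syxsense's scanner. It takes a host's kernel-driver inventory (constructed here to resemble one row per driver from `Get-CimInstance Win32_SystemDriver` joined with `Get-FileHash -Algorithm SHA256` and `Get-AuthenticodeSignature`) and matches it against an indicator list. The hashes and the file name in the indicator list are placeholders, not real indicators; substitute the values published in the Microsoft and CISA advisories before running this against real hosts.

```python
"""Match a Windows host's kernel-driver inventory against indicators of compromise.

Added example, not Syxsense's scanner. INVENTORY is constructed to resemble
one row per driver from `Get-CimInstance Win32_SystemDriver` joined with
`Get-FileHash -Algorithm SHA256` and `Get-AuthenticodeSignature`; the SHA-256
values in IOC_SHA256 and the file name in IOC_FILENAMES are placeholders, not
real indicators. Replace them with the hashes and names published in the
Microsoft and CISA advisories before using this for real.
"""
import hashlib
from dataclasses import dataclass

# Placeholder indicators (not real): a real list comes from the advisories.
IOC_SHA256 = {"00" * 32, "11" * 32}
IOC_FILENAMES = {"placeholder-bad-driver.sys"}

# Signer string Microsoft puts on drivers certified through the Windows
# Hardware Developer Program. A hit here is not malicious by itself, but a
# WHCP-signed driver loaded from outside the usual driver directories is a lead.
WHCP_SIGNER = "Microsoft Windows Hardware Compatibility Publisher"
EXPECTED_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32\driverstore")


@dataclass(frozen=True)
class Driver:
    name: str
    path: str
    sha256: str
    signer: str
    sig_status: str     # Get-AuthenticodeSignature .Status, e.g. Valid / NotSigned / HashMismatch


def parse_inventory(text):
    """Parse 'name|path|sha256|signer|status' lines (blank lines and # comments skipped)."""
    drivers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, path, sha, signer, status = (f.strip() for f in line.split("|"))
        drivers.append(Driver(name, path, sha.lower(), signer, status))
    return drivers


def sha256_of_file(path, chunk=1 << 20):
    """Hash a driver file on disk in chunks, for building the inventory on a live host."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def match_iocs(drivers):
    """Return {driver name: [reasons]} for every driver that trips an indicator."""
    findings = {}
    for d in drivers:
        reasons = []
        if d.sha256 in IOC_SHA256:
            reasons.append("sha256 matches IoC list")
        if d.path.rsplit("\\", 1)[-1].lower() in IOC_FILENAMES:
            reasons.append("file name matches IoC list")
        if d.sig_status != "Valid":
            reasons.append(f"signature status {d.sig_status}")
        elif d.signer == WHCP_SIGNER and not d.path.lower().startswith(EXPECTED_DIRS):
            reasons.append("WHCP-signed driver loaded from an unusual directory")
        if reasons:
            findings[d.name] = reasons
    return findings


# Constructed inventory: one ordinary Microsoft driver, one placeholder hit,
# one WHCP-signed driver dropped in a user-writable folder, one tampered file.
INVENTORY = f"""
# name | path | sha256 | signer | status
ACPI   | C:\\Windows\\System32\\drivers\\ACPI.sys | {'ab' * 32} | Microsoft Windows | Valid
drv2   | C:\\Windows\\System32\\drivers\\placeholder-bad-driver.sys | {'00' * 32} | {WHCP_SIGNER} | Valid
hwmon  | C:\\Users\\Public\\hwmon.sys | {'cd' * 32} | {WHCP_SIGNER} | Valid
legacy | C:\\Windows\\System32\\drivers\\legacy.sys | {'ef' * 32} | Contoso Ltd | HashMismatch
"""

if __name__ == "__main__":
    for name, reasons in match_iocs(parse_inventory(INVENTORY)).items():
        print(name, "->", "; ".join(reasons))
```

The hash and file-name checks are the actual IoC match; the signature-status and unusual-directory checks are hunting heuristics that produce leads for an analyst rather than verdicts, since plenty of legitimate drivers are WHCP-signed and some legitimate software installs drivers outside System32.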

Second, Syxsense can deploy standard Microsoft patches, ensuring that the latest Patch Tuesday updates, including the ones that revoke the abused signatures, are applied across the environment.

Between these two mechanisms, your organization can have reasonable confidence that the Cuba drivers are not currently present in its environment and that they will not be able to load in future.


Cybersecurity Job Crisis Worsens 


It has become increasingly apparent in recent years that more cybersecurity professionals are urgently needed. But the pace at which new people are trained is tortoise-like compared with the hare-like pace of cybercrime, and unlike the children's story, this tortoise isn't likely to win the longer race. The bad guys show no signs of slowing down and appear to have the stamina to maintain, or even accelerate, the speed of malware distribution.

The shortage of security workers isn't going to abate any time soon. More than 1.1 million people currently work in cybersecurity in the US, which may seem impressive, yet there are more than 750,000 open positions, many of which are unlikely to be filled for some time.

Understandably, many industry initiatives are under way to combat the staffing crisis. The White House launched a National Apprenticeship Week in November along with various supporting programs, and the InfoSec Institute has stepped up its efforts to train a new workforce and reskill existing workers. These efforts aim to reverse alarming trends in the talent pipeline.

For example, only 5.6% of high school students study computer science, even though more than half of all U.S. high schools offer it. State and local governments need to incentivize schools to incorporate (and even mandate) computer science courses so that more young people leave school with a baseline of technical competence, bolstering the talent pipeline. 5.6% may be shockingly low, yet it is up from 4.7% only a year ago. Progress is being made, but not at the speed needed to close the cyber-skills chasm.

Further efforts include developing industry career paths that go beyond the traditional focus on degrees, including community college programs and training on industry credentials for entry-level positions in cybersecurity.

Hiring practices, too, are being asked to change. Almost every entry-level position in cybersecurity demands a degree in IT or security; many also ask for certifications and several years of experience. With the current shortage, setting the bar that high may be one big reason for the lack of applicants. The fight over unicorn candidates is one consequence: while bidding wars go on for a select few highly qualified and experienced individuals, the industry has a dearth of promising newcomers. It is like every NBA team fighting over one superstar such as LeBron James while neglecting standard recruitment and ignoring new draft picks.

The Applicant Tracking Systems (ATS) used by HR may also be contributing to the problem. These systems filter primarily on set parameters and keywords: if someone lacks degree X or certificate Y, they are automatically excluded and their resume is never seen by human eyes. If they have no workforce experience, the ATS disqualifies them. Yet sitting there might be a diamond in the rough: someone who, had anyone read the resume, turns out to have been developing applications since the age of 10 or to have won an award at a Black Hat conference as a teenager.

Additional actions being encouraged include continuous security training for IT staff and for other parts of the workforce. The more qualifications existing staff obtain, the better off the industry as a whole becomes.

Automation  

These efforts are all laudable and vitally necessary. But it becomes more apparent with each passing day that the security world will have to get used to doing far more with far fewer people. That is where automation comes in. IT security can no longer consist of manually intensive labor or troubleshooting that consumes hour after hour trawling through logs in search of a cybercriminal needle in the infrastructure haystack.

Nor is it appropriate to rely on veteran staffers to solve all our cybersecurity woes. Granted, there are superstars with an intuitive ability to zero in on the root cause of security issues. But dependence on the few only plays into the hands of the criminals: these talented individuals may soon retire, or be headhunted by other organizations fixated on attracting unicorns. In any case, as IT and multi-cloud environments grow in size and complexity, there are too many inputs, too many logs, and too many workloads to manage security threats manually.

It takes end-to-end automation to take care of modern IT security, covering not only the detection of potential issues but also their remediation. Syxsense provides services that automate endpoint management, mobile device management, patch management, vulnerability scanning, and remediation. In patch management, for example, Syxsense guarantees to test critical patches and have them ready within four hours of their release, then deploys them automatically on a priority basis so that all organizational systems and devices receive the correct updates. And it provides end-to-end integrated automation across its suite of endpoint and security management tools.

For more information, visit www.syxsense.com


Dealing with the OpenSSL Vulnerability


The latest OpenSSL vulnerability is big news. Why? It carries the highest risk rating of any OpenSSL bug since the infamous Heartbleed back in 2014, and it has resulted in the publication of two Common Vulnerabilities and Exposures (CVE) entries. That matters because OpenSSL is a very large software library that implements the Transport Layer Security (TLS) protocol and its predecessor, Secure Sockets Layer (SSL). It is used by a huge range of applications to secure communications over networks, protecting them from eavesdropping and letting each party verify the identity of the other. It is heavily used by internet servers and by most HTTPS websites.

CVE-2022-3786 and CVE-2022-3602 both concern a buffer overflow that can be triggered during X.509 certificate verification, specifically in name-constraint checking, while decoding punycode in an email address. The check runs after certificate chain signature verification, so triggering it requires either a CA to have signed a malicious certificate or an application to continue certificate verification despite failing to build a path to a trusted issuer. An attacker can then craft a malicious email address in a certificate to overflow four attacker-controlled bytes on the stack (CVE-2022-3602) or an arbitrary number of '.' characters (CVE-2022-3786). Either can crash the process, causing denial of service; CVE-2022-3602 could in principle lead to remote code execution. Only OpenSSL 3.0.0 through 3.0.6 are affected; the 1.1.1 and 1.0.2 series do not contain the punycode decoder.

The good news is that the issue was downgraded from critical to high severity before release (though it is still serious), because many platforms implement stack overflow protections that mitigate this kind of remote code execution, and because the stack layout on a given platform and compiler may leave the overwritten bytes unused. That does not remove the urgency. Users of OpenSSL 3.0 should upgrade to OpenSSL 3.0.7 as soon as possible.

Not Another Heartbleed   

The initial panic has subsided somewhat since security researchers established that this bug is not as devastating as Heartbleed was eight years ago. Heartbleed let attackers trick vulnerable web servers into returning sensitive memory contents, including usernames and passwords. It caused havoc in its heyday; some analysts estimated that it affected roughly one in every six SSL servers. The root cause was that OpenSSL did not check the length field of a TLS heartbeat request against the actual payload, so an attacker could read up to 64 KB of server memory per request from regions that should have been private. By reading the contents of memory buffers holding sensitive data, an attacker could sometimes recover the server's private key, allowing decryption of supposedly secure communications, as well as usernames and passwords. The bug is tracked as CVE-2014-0160. By some estimates it cost organizations around the world as much as half a billion dollars, largely because of the need to revoke and replace SSL certificates.

Heartbleed is Still Being Hacked 

Despite its age and notoriety, attackers continue to exploit Heartbleed, because some servers have still not been patched. How many? SANS Institute figures put the number of servers that remained vulnerable at close to a quarter of a million in late 2020. It may have come down since, but there are still a great many servers out there exposed to a prehistoric bug.

This makes it clear that organizations need all the help they can get in fixing known vulnerabilities. Systems should be scanned to find every server running an affected OpenSSL 3.0 build, and checked for lingering Heartbleed exposure as well. The OpenSSL advisories describe the remediation steps, but the basic action is to deploy the fixed versions as soon as possible.
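As an added example, not part of the original post, the script below triages `openssl version` banners collected from a fleet for both issues discussed here: the 3.0.0 to 3.0.6 punycode overflow and Heartbleed's 1.0.1 to 1.0.1f range. The host list and banners are constructed. One caveat a practitioner needs: Debian, Ubuntu and Red Hat routinely backport fixes without changing the upstream version string, so a match here is a lead to confirm against the package changelog, not a verdict.

```python
"""Triage OpenSSL version banners for CVE-2022-3602/3786 and Heartbleed.

Added example, not from the original post. Input is the text printed by
`openssl version` (or reported by an inventory agent); the banners in
SAMPLE_HOSTS are constructed. Caveat: Debian, Ubuntu and Red Hat routinely
backport fixes without changing the upstream version string, so a match here
is a lead to confirm against the package changelog, not a verdict.
"""
import re

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner):
    """Return (major, minor, patch, letter, is_beta) from an `openssl version` line."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"no OpenSSL version in {banner!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return major, minor, patch, m.group(4), "beta" in banner.lower()


def affected_by_punycode_overflow(v):
    """CVE-2022-3602 / CVE-2022-3786: OpenSSL 3.0.0 through 3.0.6 (fixed in 3.0.7).
    1.1.1 and 1.0.2 never had the punycode decoder, so they are not affected."""
    major, minor, patch, _letter, _beta = v
    return (major, minor) == (3, 0) and patch <= 6


def affected_by_heartbleed(v):
    """CVE-2014-0160: 1.0.1 through 1.0.1f (fixed in 1.0.1g) plus the 1.0.2 betas."""
    major, minor, patch, letter, beta = v
    if (major, minor, patch) == (1, 0, 1):
        return letter <= "f"          # '' (plain 1.0.1) and a..f are affected
    return (major, minor, patch) == (1, 0, 2) and beta


def assess(banner):
    v = parse_version(banner)
    return {
        "version": "%d.%d.%d%s" % v[:4],
        "cve-2022-3602/3786": affected_by_punycode_overflow(v),
        "heartbleed": affected_by_heartbleed(v),
    }


def hosts_needing_patch(hosts):
    """hosts: {hostname: banner}. Returns sorted hostnames with any affected build."""
    return sorted(h for h, b in hosts.items() if any(
        flag for key, flag in assess(b).items() if key != "version"))


# Constructed fleet inventory.
SAMPLE_HOSTS = {
    "web-01":   "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)",
    "web-02":   "OpenSSL 3.0.7 1 Nov 2022",
    "api-01":   "OpenSSL 1.1.1q  5 Jul 2022",
    "vpn-old":  "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "vpn-new":  "OpenSSL 1.0.1g 7 Apr 2014",
    "lab-beta": "OpenSSL 1.0.2-beta1 24 Feb 2014",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_HOSTS.items():
        print(host, assess(banner))
    print("patch:", hosts_needing_patch(SAMPLE_HOSTS))   # ['lab-beta', 'vpn-old', 'web-01']
```

The `vpn-old` host illustrates the caveat: a Red Hat style `1.0.1e-fips` banner is flagged, but RHEL shipped the Heartbleed fix as a backport under that same version number, so the package changelog (or a direct heartbeat probe) decides whether it is actually exposed.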

Syxsense takes the uncertainty out of patch deployment. It scans servers, endpoints, and systems for vulnerabilities and automatically deploys patches across the network to fix serious issues fast, including OpenSSL updates. After a quick setup, administrators can rely on it to patch systems thoroughly and promptly.

For more information, visit www.syxsense.com


Cyber Insurance Rates Climb and Refusals Multiply


The insurance industry is in something of a crisis. Home insurance rates have climbed and providers are pulling out of the market in some parts of the country. Flood insurance, too, is a major issue: it is mandated in many coastal and floodplain areas, yet carriers are often reluctant to write it because of the risk of high-volume payouts.

Cyber insurance is on a similar path. Premiums are rising sharply, and some companies are being told they don't qualify (or no longer qualify). A Delinea survey of 300 US-based IT decision makers revealed one reason affordable cyber insurance is hard to obtain: nearly 80% of companies have already used their cyber insurance at least once, and more than half have used it multiple times.

40% said risk reduction was the main reason for applying for cyber insurance, while 33% cited requirements from executive management and boards of directors. Another 25% named recent ransomware incidents as a primary driver. Other drivers included business contract requirements (24%) and having suffered a data breach (17%).

The report also showed that cyber insurance has become ubiquitous and that many companies have drawn on their coverage more than once. That is one reason insurers are becoming more hesitant and choosier: they cover less, ask for more, and make comprehensive coverage harder to obtain. Only 30% of organizations confirmed that their policies covered critical risks such as ransomware, ransom negotiation, and decisions on ransom payment. About 48% said their policy covered data recovery, and a third said it covered incident response, regulatory fines, and third-party damages.

Tough Requirements  

The report highlighted that insurers are getting tougher to please. Increasingly, they require organizations to implement a broader set of security controls; by forcing customers to adopt stronger layers of security, they aim to reduce the number of claims against their cyber policies. 51% said their insurer required cybersecurity awareness training, 47% were required to have malware protection, antivirus software, multi-factor authentication (MFA), and comprehensive data backups, and 42% had to acquire Privileged Access Management solutions to meet cyber-insurance requirements.

Although about 93% of applicants are approved for coverage, the number receiving comprehensive coverage has dwindled sharply. Gone are the days when insurers happily signed off on wide-ranging policies; they were burned too often by surges in claims following the latest widely exploited vulnerability, such as Log4Shell, or the latest rash of ransomware outbreaks. That is one big reason why 75% of respondents said their cyber premiums increased at their last renewal.

Not only were premiums hiked, but applicants also faced far greater scrutiny from prospective insurers, who wanted to know every detail of their security posture, risk profile, and areas of potential vulnerability. In some cases this was used as grounds for refusing cover; in others, the assessments led to demands to implement a variety of additional security tools.

Any prospective cyber-insurance policyholder, and anyone coming up for renewal, is therefore advised to assess their security basics carefully before applying. Lack of comprehensive backups, inadequate patch management, and the absence of vulnerability management tools could be immediate grounds for refusal.

Get ahead of the game by implementing Syxsense Enterprise. It provides automated tools to help meet the standards required by cyber insurance providers. It offers real-time data and device monitoring, so security personnel have live, accurate information on the current security picture, potential vulnerabilities, the state of patch management, mobile device security, and more. It helps IT keep BYOD and company-issued devices secure in remote, hybrid, or roaming work models, and it provides a way to enforce security standards, install and remove applications, set auto-update policies, deploy patches automatically, and remotely lock, reset, and wipe mobile devices. It also helps satisfy underwriters' demands for higher levels of automation in the enterprise before they approve new cyber insurance policies.

Why face steeper premiums or even cyber insurance rejection? Implement Syxsense Enterprise today.  


The Need for Speed in Vulnerability Detection and Patch Deployment


“I feel the need, the need for speed,” is a famous line from the movie Top Gun. There it referred to fast airplanes, but it could equally apply to vulnerability management. The pace at which IT departments detect breaches, deploy patches, and carry out vitally needed remediation leaves a lot to be desired. Next to a cyber-attacker's Top Gun F-14, IT's vulnerability management is a horse and cart.

With so many reports of breaches, cyber-attacks, and successful ransomware attempts, it would be reasonable to assume that organizations would have scrambled to shore up their defenses – that they would be diligently improving the efficiency of their processes to detect potential vulnerabilities and initiate remediation efforts. Yet the opposite appears to be true. Enterprises are failing badly to keep up with cyber-attackers.

This data comes from the Ponemon Institute, which investigated the state of vulnerability response in the enterprise. Key findings included the fact that the severity and volume of cyberattacks are increasing, yet most organizations are not doing a thorough or timely job of detection and prevention.

Here are some of the key findings:  

  • 39% said their organizations were aware that actual breaches were linked to known vulnerabilities.  
  • 50% didn’t believe their detection capabilities were fast enough.  
  • 56% didn’t give a good rating to their ability to patch in a timely manner.  
  • Most organizations lack awareness of vulnerabilities that could lead to a data breach.  
  • On average, it takes 43 days to see a cyberattack once a patch is released for a critical or high priority vulnerability.  
  • Organizational patching processes are under greater pressure because they have less time to patch vulnerabilities before being attacked.  
  • Silo and turf issues were cited as reasons for delays in patching. 88% said their team was not fully responsible for patching vulnerabilities and must coordinate with other teams. This adds 12 days to existing patching processes.  
  • CVSS scoring is often the only metric used for patch prioritization, which leaves asset criticality and the affected systems out of vulnerability response.
  • The reasons why vulnerability patching was delayed included lack of resources, no common view of applications and assets, and inability to take critical applications and systems off-line so they can be patched quickly.  
  • Respondents believed attackers are outpacing their organizations with such technologies as machine learning/artificial intelligence.  
  • Too much time is spent navigating manual processes rather than responding to vulnerabilities.  

The Importance of Automation  

The study stressed the importance of automation as a means of improving patch management and vulnerability detection. Organizations that use automation noted that it helped them become better at patching.  

However, only 44% of organizations are using automation to assist with vulnerability management and patching. They typically use automation mostly for prioritization and patch deployment. Yet there are so many other ways automation could be used to enhance cybersecurity.  

The Ponemon Institute’s findings were unequivocal. Patching prevents data breaches. Yet half of respondents had suffered one or more data breaches over a two-year period. 60% agreed that these breaches would not have occurred if an available patch had been applied. The vulnerability was known and a patch had been issued – yet it had not been implemented.

Automation would certainly help speed patch deployment. It can take six weeks or more on average for organizations to patch a high priority vulnerability after a patch has been released. For medium or low priority vulnerabilities, the time factor stretches to 151 days. The time taken to patch critical security flaws is bad enough. But five months for medium priority vulnerabilities is asking for trouble. Cybercriminals have even developed tactics whereby they launch multi-faceted attacks that hit high, medium, and low vulnerabilities simultaneously. They know that many organizations pay the most attention to vulnerabilities with a higher rating. So they go after lower priority vulnerabilities at the same time as they look for a way into the enterprise.
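Two of the findings above, that CVSS is often the only prioritization metric and that medium and low rated vulnerabilities sit unpatched for months, can be made concrete in a few lines. The following Python script is an added example, not code from the Ponemon report or from Syxsense: it ranks a constructed set of findings once by CVSS alone and once by CVSS weighted with asset criticality and exposure, and measures each finding’s age against a per-severity patch deadline. The SLA thresholds, asset tiers, host names and VULN-x identifiers are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed patch deadlines in days from vendor release, per severity.
# Illustrative SLA values for this example, not figures from the report.
SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}

# Assumed weights capturing what CVSS alone leaves out: how important the
# asset is to the business and whether it is reachable from the internet.
ASSET_WEIGHT = {"crown-jewel": 3.0, "business": 2.0, "standard": 1.0}
EXPOSURE_WEIGHT = {"internet": 2.0, "internal": 1.0}


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str        # placeholder identifier, not a real CVE
    cvss: float
    severity: str       # key into SLA_DAYS
    asset_tier: str     # key into ASSET_WEIGHT
    exposure: str       # key into EXPOSURE_WEIGHT
    patch_released: date


def cvss_only_rank(findings):
    """The prioritization the report criticizes: CVSS score and nothing else."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def risk_score(f):
    """CVSS weighted by asset criticality and exposure."""
    return f.cvss * ASSET_WEIGHT[f.asset_tier] * EXPOSURE_WEIGHT[f.exposure]


def contextual_rank(findings):
    """Highest weighted risk first."""
    return sorted(findings, key=risk_score, reverse=True)


def days_overdue(f, today):
    """Days past the SLA deadline; 0 if the finding is still within SLA."""
    age = (today - f.patch_released).days
    return max(0, age - SLA_DAYS[f.severity])


def overdue_findings(findings, today):
    """(host, vuln_id, days_overdue) for every finding past its deadline,
    in inventory order."""
    return [(f.host, f.vuln_id, days_overdue(f, today))
            for f in findings if days_overdue(f, today) > 0]


# Constructed sample inventory. The ages mirror figures quoted in the post
# (43 days, 151 days) plus one freshly released critical patch.
TODAY = date(2022, 12, 1)
SAMPLE = [
    Finding("db-01", "VULN-A", 9.8, "critical", "crown-jewel", "internal",
            TODAY - timedelta(days=3)),
    Finding("web-01", "VULN-B", 5.3, "medium", "business", "internet",
            TODAY - timedelta(days=151)),
    Finding("kiosk-07", "VULN-C", 7.5, "high", "standard", "internal",
            TODAY - timedelta(days=43)),
    Finding("vpn-gw", "VULN-D", 4.0, "low", "crown-jewel", "internet",
            TODAY - timedelta(days=200)),
]

if __name__ == "__main__":
    print("CVSS only  :", [f.vuln_id for f in cvss_only_rank(SAMPLE)])
    print("Contextual :", [f.vuln_id for f in contextual_rank(SAMPLE)])
    for host, vid, late in overdue_findings(SAMPLE, TODAY):
        print(f"{host}: {vid} is {late} days past its patch deadline")
```

With the sample data the low-CVSS finding on the internet-facing crown-jewel host (VULN-D) moves from last place under CVSS-only ranking to second place under the weighted ranking, and the 151-day-old medium finding shows up as 121 days past its deadline. The weights are deliberately simple; the point is that the asset and exposure context has to be an input to the ranking at all.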

Syxsense provides fully automated vulnerability detection and patch management technology. Our advanced detection logic scans your network and identifies devices with missing updates. It provides organizations with the ability to close the time between identification and containment and spot critical threats early to enable instant deployment of remediation actions. 

For more information visit www.Syxsense.com  


Ransomware Aftershocks: August Third-Party Patch Update

News, Patch Management

Ransomware Aftershocks

Even after remediation, the effects of ransomware can still be felt. The feelings of security have been stripped away and replaced with a nauseating sensation of vulnerability.

A public TV and radio station in San Francisco, KQED, knows this feeling. After being infected with ransomware demanding 1.7 bitcoin per PC, the FBI advised wiping the infected computers.

Even a month after the attack, the station is still doing work to fix the affected machines. But what has also been a surprise is the damage was to more than just their data. The wireless network and email servers went down at their headquarters, so they moved operations to UC Hastings. It has interrupted all levels of work, from broadcast to hiring of new employees.

This radio station isn’t the only company reeling long after a ransomware attack. FedEx has been reported as saying that it was affected by NotPetya and that some damage was permanent. It’s expected that this business interruption will create significant decreases in revenue.


The most effective way to protect yourself and your business against disaster is keeping your systems up to date. Malware relies on the idea that people won’t keep their software 100% up to date. And for good reason: keeping everything updated can be a nightmare. But utilizing a solution like Syxsense can simplify everything. CMS can show you at a glance which devices have out-of-date software. You can then quickly build a task to deploy the needed updates.
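Spotting “which devices have out-of-date software” comes down to comparing each installed version against the current patch level for that product, and vendor version strings are not all shaped the same way. The Python below is an added example, not Syxsense code: it takes a baseline built from a handful of the patch names in this month’s list (Chrome, Wireshark, Trillian, PuTTY, Java), normalizes the different version formats into comparable tuples, and reports every row of a constructed inventory that falls below the baseline. The host names and installed versions are made up for the illustration.

```python
import re

# Baseline: a few of this month's patch names, keyed by the product name
# used in the inventory. Taken from the list in this post.
BASELINE = {
    "Chrome": "Chrome_v59.0.3071.134",
    "Wireshark": "Wireshark_v2.4",
    "Trillian": "Trillian_v6.0 Build 60",
    "PuTTY": "PuTTY_v0.70",
    "Java": "Java_v8u141",
}


def baseline_version(patch_name):
    """'Chrome_v59.0.3071.134' -> '59.0.3071.134' (split at the first '_v')."""
    return patch_name.split("_v", 1)[1]


def version_key(version):
    """Every run of digits, in order, as a tuple of ints, so that dotted
    versions, Java's '8u141' form and 'Build NN' suffixes all compare:
    '59.0.3071.134' -> (59, 0, 3071, 134); '8u141' -> (8, 141);
    '6.0 Build 60' -> (6, 0, 60)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def compare_versions(a, b):
    """-1, 0 or 1. The shorter tuple is right-padded with zeros so that
    '2.4' and '2.4.0' compare equal instead of '2.4' looking older."""
    ka, kb = version_key(a), version_key(b)
    width = max(len(ka), len(kb))
    ka += (0,) * (width - len(ka))
    kb += (0,) * (width - len(kb))
    return (ka > kb) - (ka < kb)


def find_outdated(inventory, baseline=BASELINE):
    """Return (host, product, installed, required) for every inventory row
    whose installed version is below the baseline. Products without a
    baseline entry are skipped rather than guessed at."""
    outdated = []
    for host, product, installed in inventory:
        if product not in baseline:
            continue
        required = baseline_version(baseline[product])
        if compare_versions(installed, required) < 0:
            outdated.append((host, product, installed, required))
    return outdated


# Constructed inventory rows: (host, product, installed version).
INVENTORY = [
    ("ws-101", "Chrome", "59.0.3071.86"),
    ("ws-101", "Java", "8u131"),
    ("ws-102", "Chrome", "59.0.3071.134"),
    ("ws-102", "Wireshark", "2.4.0"),
    ("ws-103", "Trillian", "6.0 Build 58"),
    ("ws-103", "PuTTY", "0.69"),
    ("ws-103", "Notepad++", "7.5"),   # no baseline entry: ignored
]

if __name__ == "__main__":
    for host, product, installed, required in find_outdated(INVENTORY):
        print(f"{host}: {product} {installed} is below {required}")
```

Digit-run comparison covers the formats in this month’s list, but not every vendor scheme (release channels, letter suffixes, or a product whose numbering restarts between major versions), so treat the parser as a starting point and check it against each vendor’s naming before relying on it. Note that the PuTTY 0.69 row is flagged: the 0.70 entry in the patch details below is a security fix.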

Come check out Syxsense with a free trial today!

START FREE TRIAL: https://www.syxsense.com/syxsense-trial/

Third-Party Updates

Every month we see a bevy of new third-party updates, and we are always enhancing our library of supported vendors. Special requests and additions are welcome. This month’s releases include:

| Product | Category | Patch |
|---|---|---|
| Chrome | Web Browser | Chrome_v59.0.3071.134 |
| Wireshark | Network Protocol Analyzer | Wireshark_v2.4 |
| Firefox | Web Browser | Firefox_v54.0.1 |
| Glary Utilities | PC cleanup | Glary_v5.80.0.101 |
| Trillian | Instant Messenger | Trillian_v6.0 Build 60 |
| WinSCP | SFTP, SCP, and FTP client for Windows | WinSCP_v5.9.6 |
| WinMerge | Open source differencing and merging tool for Windows | WinMerge_v2.14 |
| MediaMonkey | Media manager | MediaMonkey_v4.1.17.1840 |
| PuTTY | SSH and Telnet for Windows and Unix | PuTTY_v0.70 |
| Foobar2000 | Audio Player | Foobar2000_v1.3.16 |
| Java | Programming language | Java_v8u141 |
| KeePass | Password Safe | KeePass_v2.36 |
| Foxit Reader | PDF reader | FoxitReader_v8.3.1 |
| FileZilla | FTP solution | FileZilla_v3.27.0.1 |
| Paint.net | Image editing software | Paint.net_v4.0.17 |
| iTunes | Media player | iTunes_v12.6.2 |
| Adobe Reader DC | PDF reader | AdobeReaderDC_v17.009.20058 |
| Shockwave | Multimedia platform | Shockwave_v12.2.9.199 |
| Flash | Multimedia platform | Flash_v26.0.0.137 |
| AIR Runtime | Code Distribution | AIRRuntime_v26.0.0.127 |

Patch Details

Chrome_v59.0.3071.134: Includes bug fixes, security updates, and feature enhancements.

Wireshark_v2.4: Large number of new and updated features. New and updated protocol support. Major API changes. New and updated capture file support.

Firefox_v54.0.1: Now uses multiple operating system processes for web page content to increase speed and stability. Fixes: display issue of tab title; display issue of opening new tab; display issue when opening multiple tabs; tab display issue when downloading files; PDF printing issue; Netflix issue on Linux.

Glary_v5.80.0.101:

  • Optimized Disk Cleaner: added support for ‘PerfectDisk 13.0’ and ‘Adobe Reader 7.0’
  • Optimized Tracks Eraser: added support for ‘Nero Burning ROM 15’ and ‘AceHTML 6 Pro’
  • Optimized Quick Search: optimized the path sorting algorithm, and sped up by 100%
  • Minor GUI improvements
  • Minor bug fixes

Trillian_v6.0 Build 60: Fixed:

  • Media: Media may not correctly send if DNS is incorrectly set up.
  • Message Window: History messages may incorrectly duplicate in the window from previous versions of Trillian.

WinSCP_v5.9.6: Hotfix. German translation updated. Back-propagated some improvements and fixes from 5.10-5.10.2 beta releases:

  • SSH core and private key tools (PuTTYgen and Pageant) upgraded to PuTTY 0.69. It brings the following change:
    • WinSCP should work with MIT Kerberos again, after DLL hijacking defences broke it.
  • TLS/SSL core upgraded to OpenSSL 1.0.2l.
  • Allow using 64-bit version of PuTTY (and its tools), when available. (1522)
  • XML parser upgraded to Expat 2.2.1.
  • Bug fix: Scripting open command without arguments issued irrelevant warning about use of stored site.
  • Bug fix: Generated code uses TransferOptions.Speed instead of TransferOptions.SpeedLimit. (1543)

WinMerge_v2.14: Improvements

  • Improve startup time
  • Improve editing of linefilter regular expressions
  • Improve color options organization

Other changes

  • Update PCRE to version 8.10
  • Update SCEW to version 1.1.2
  • Add menuitems for selecting automatic or manual prediffing
  • Add accelerator keys for Shell context menu
  • Allow editing context line count in patch creator
  • Add /xq command line switch for closing WinMerge after identical files and not showing message
  • Allow setting codepage from command line
  • Allow giving encoding name as custom codepage
  • Add new options dialog panel for folder compare options
  • Add options GUI for quick compare limit
  • Write config log as UTF-8 file

Bugs fixed

  • Untranslated string (“Merge.rc:nnnn”) was displayed in status bar
  • Pane headers not updated after language change
  • Quick contents compare didn’t ignore EOL byte differences
  • Compare by size always checked file times too
  • Crash when pasting from clipboard
  • Keeps verifying path even when turned off in options
  • Crash after deleting text
  • Added EOL chars between copied file/path names
  • Created new matching folder to wrong folder
  • Strange scrolling effect in location pane
  • Plugin error after interrupting folder compare
  • “+” and “-” from the number block don’t work in the editor
  • Date format did not respect Regional Settings
  • Shell extension used unquoted program path

New Translation

  • Basque

Translation updates

  • Hungarian
  • Turkish
  • Russian
  • Norwegian
  • Danish
  • Dutch
  • Slovenian

MediaMonkey_v4.1.17.1840: Various bug fixes and updates.

PuTTY_v0.70: Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory, even a name we missed when we thought we’d fixed this in 0.69. See vuln-indirect-dll-hijack-3.

Windows PuTTY should be able to print again, after our DLL hijacking defences broke that functionality.

Windows PuTTY should be able to accept keyboard input outside the current code page, after our DLL hijacking defences broke that too.

Foobar2000_v1.3.16: Fixed horrible, horrible bug with inverted checkmarks in advanced preferences at 150% text size.

Network streaming: added handlers for more HTTP redirect codes.

Fixed foobar2000 process not setting its working directory to its installation location on startup.

FLAC tagging fixes.

Java_v8u141: Fixing of bugs and updates to features.

KeePass_v2.36: New Features:

  • Added commands ‘Find Duplicate Passwords’ and ‘Find Similar Passwords’ (in ‘Edit’ -> ‘Show Entries’), which show entries that are using the same or similar passwords.
  • Added command ‘Password Quality Report’ (in ‘Edit’ -> ‘Show Entries’), which shows all entries and the estimated quality of their passwords.
  • Added option ‘String name’ in the ‘Edit’ -> ‘Find’ dialog (for searching entries that have a specific custom string field).
  • Added option for using a gray tray icon.
  • Added {CMD:/…/} placeholder, which runs a command line.
  • Added {T-CONV:/…/Raw/} placeholder, which inserts a text without encoding it for the current context.
  • Added optional ‘Last Password Modification Time (Based on History)’ entry list column.
  • The internal text editor now supports editing PS1 files.
  • The position and size of the internal data viewer is now remembered and restored.
  • For various dialogs, the maximized state is now remembered and restored.
  • Added configuration option for specifying an expiry date for master keys.
  • Added configuration option for specifying disallowed auto-type target windows.
  • Added workaround for Edge throwing away all keyboard input for a short time after its activation.
  • Added workaround for Mono not properly rendering bold and italic text in rich text boxes.
  • TrlUtil now performs a case-sensitive word validation.

Improvements:

  • The password input controls in the IO connection dialog and the proxy dialog now are secure edit controls.
  • The icon of the ‘Save’ command in the main menu is now grayed out when there are no database changes (like the toolbar button).
  • Auto-Type: improved support for target applications that redirect the focus immediately.
  • Auto-Type: improved compatibility with VMware vSphere client.
  • When an error occurs during auto-type, KeePass is now brought to the foreground before showing an error message box.
  • Entries in groups where searching is disabled (e.g. the recycle bin group) are now ignored by the commands that show expired entries.
  • Improved scrolling when moving entries while grouping in the entry list is on.
  • Improved support for right-to-left writing systems.
  • Improved application and system tray icon handling.
  • Updated low resolution ICO files (for Mono development).
  • Moved single-click tray icon action option from the ‘Integration’ tab to the ‘Interface’ tab of the options dialog.
  • Synchronization file path comparisons are case-insensitive now.
  • Improved workaround for Mono clipboard bug (improved performance and window detection; the workaround is now applied only if ‘xsel’ and ‘xdotool’ are installed).
  • Enhanced PrepMonoDev.sh script.
  • KPScript: times in group and entry lists now contain a time zone identifier (typically ‘Z’ for UTC).
  • Various code optimizations.
  • Minor other improvements.

Bugfixes:

  • The drop-down menu commands in the entry editing dialog for setting the expiry date now work as expected.

FoxitReader_v8.3.1: New Features and Improvements:

  • Easy and Secure File-sharing: provides a plugin to share your file by generating a file link and sending it via email or to social media, under your full control by advanced settings to share content quickly, easily, and securely.
  • Some ease of use enhancements.

Issues Addressed:

  • Fixed some issues that could cause Foxit Reader to launch slowly.
  • Fixed some security and stability issues.

FileZilla_v3.27.0.1: Bugfixes and minor changes:

  • MSW: Add missing file to .zip binary package
  • MSW: Fix toolchain issues breaking the shell extension

Paint.net_v4.0.17:
  • Added: “Fluid mouse input” option in Settings -> UI -> Troubleshooting. If you see major glitches while drawing, try disabling this.
  • Improved: Default brush size, font size, and corner radius size now scales with major DPI scaling levels (brush size of 2 at 100% scaling, brush size of 4 at 200% scaling, etc)
  • Improved: Default image size now scales with major DPI scaling levels (800×600 at 100%, 1600×1200 at 200%, etc.)
  • Improved performance and drawing latency by removing explicit calls to System.GC.Collect() except when low memory conditions are encountered
  • Improved performance by greatly reducing object allocation amplification by reducing the concurrency level when using ConcurrentDictionary, and by removing WeakReference allocations in favor of direct GCHandle usage
  • Improved: Performance and battery usage by ensuring animations always run at the monitor’s actual refresh rate
  • Improved (reduced) CPU usage when moving the mouse around the canvas
  • Removed: “Hold Ctrl to hide handle” from the Text tool because it was not useful and caused lots of confusion
  • Fixed: Various high-DPI fixes, including horrible looking mouse cursors caused by a bug in the latest .NET WinForms update
  • Fixed: Gradient tool no longer applies dithering “outside” of the gradient (in areas that should have a solid color)
  • Fixed: Very slow performance opening the Effects menu when lots of plugins are installed after installing the Windows 10 Creators Update
  • Fixed: When cropping and then performing an undo, the scroll position was totally wrong
  • Fixed a rendering glitch in the Save Configuration dialog (it would “wiggle”)
  • Fixed: At certain brush sizes, the brush indicator on the canvas had a visual glitch in it due to a bug in Direct2D
  • Fixed: Text tool buttons for Bold, Italics, Underline were not localized for a few languages
  • Fixed a rare crash in the taskbar thumbnails
  • Fixed: Drawing with an aliased brush and opaque color (alpha=255) sometimes resulted in non-opaque pixels due to a bug in Direct2D’s ID2D1RenderTarget::FillOpacityMask
  • Fixed: “Olden” effect should no longer cause crashes (it still has some rendering artifacts due to its multithreading problems, however)

iTunes_v12.6.2: This update is designed for high DPI displays so text and images appear sharper and clearer. It also includes minor app and performance improvements.

AdobeReaderDC_v17.009.20058: This release puts in place the infrastructure for simplifying the sign-in process within Acrobat & Reader. This enhancement will be rolled out for Acrobat and Reader users in the near future.

Shockwave_v12.2.9.199: Fixes a critical memory corruption vulnerability that could lead to code execution.

Flash_v26.0.0.137: These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

AIRRuntime_v26.0.0.127: These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

START YOUR FREE TRIAL OF SYXSENSE: https://www.syxsense.com/syxsense-trial/