Skip to main content
Tag

third-party patch update

|||

Third-Party Patch Update: September 2018

By News, Patch Management

Virobot Will Return

Cybersecurity firm Trend Micro has identified a new malware, Virobot. While it doesn’t appear to be connected to a previous strain of ransomware, it uses familiar techniques.

However, Virobot is ransomware, keylogger, and botnet all in one.

The ransomware infects the device and locks it down. While waiting for the ransom payment, it can then log key strokes, pull down additional ransomware to install, and use the device as a bot to spread itself.

As of the writing of this article, the Virobot C&C server was down. Thanks to previous examples, we can infer that this was likely only a test. Cyber actors will test out their capabilities in such a way to prepare for a larger attack later.

Will you be prepared for when that happens?

Ready for Anything

Use Syxsense to survey your environment and rapidly deploy any needed updates. On the home page, you can quickly see which devices require critical updates.

By clicking on the gadget, you’ll jump right into a patch deployment process, pre-populated to deploy all critical updates to all devices that need them. You can easily modify this task to be more specific or start the task as-is to deploy the critical patches.

Third-Party Patch Updates

Below is a table of third-party updates:

Vendor Category Patch Version and Release Notes:
Adobe Media Software  

Flash and Air: v31 – https://helpx.adobe.com/flash-player/release-note/fp_31_air_31_release_notes.html

 
Apple Media Software  

iTunes: v12.9.0.167 – https://en.wikipedia.org/wiki/History_of_iTunes#iTunes_12

 
Evernote  

Evernote: v6.15.3.7881 – https://evernote.com/security/updates

 
FileZilla FTP Solution  

FileZilla: v3.37.0 – https://filezilla-project.org/versions.php

 
Google Browser  

Chrome: v69.0.3497.100 – https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-chrome-os.html

 
KeePass Password Manager  

KeePass: v2.40 – https://keepass.info/news/n180910_2.40.html

 
Mozilla Browser and Email Application  

Firefox: v62.0.2 – https://www.mozilla.org/en-US/firefox/62.0.2/releasenotes/

 
RealVNC Remote Access Software  

RealVNC Viewer: v6.18.907 – https://www.realvnc.com/en/connect/docs/desktop-release-notes.html

 
VSRevo Group  

Revo Uninstaller Pro: v4.0 – https://www.revouninstaller.com/revo_uninstaller_pro_full_version_history.html

 
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
September 25, 2018
Love0
|||||||

Third-Party Patch Update: August 2018

By News, Patch Management

Chrome Vulnerability Endangers Your Private Data

A vulnerability has been found within Chrome that would allow actors to access information stored by other web platforms, such as major data hoarders Facebook and Google.

CVE-2018-6177 was uncovered by Ron Masas, a security researcher from Imperva, and reported to Google. “With several scripts running at once — each testing a different and unique restriction — the bad actor can relatively quickly mine a good amount of private data about the user,” Masas said.

With their latest release, v68.0.3440.106, Google says the issue has been fixed. At the time of writing this article, there are no known active exploits of this vulnerability.

We recommend you update to the latest version of Chrome immediately.

Use Syxsense to inventory your environment and rapidly deploy any needed updates. On the home screen, you can quickly see which devices require critical updates.

By clicking on the graph, you’ll jump right into a patch deployment process, prepopulated to deploy critical updates to all devices that need them. You can easily modify this task to be more specific or start the task as-is to deploy the critical patches.

Third-Party Patch Updates

Below is a table of third-party updates:

Vendor Category Patch Version and Release Notes: CVSS SCORE
Adobe Media Software  

Acrobat DC: v18.011.20058 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/continuous/dccontinuousaug2018.html#dccontinuousaugusttwentyeighteen

 

Acrobat DC: v17.011.30099 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/classic/dcclassic17.011aug2018.html#dc17-011augusttwentyeighteen

 

Acrobat DC: v15.006.30448 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/classic/dcclassic15.006aug2018.html#dc15-006augusttwentyeighteen

 

Flash Player Plugin and ActiveX: v30.0.0.154 – https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html#fixed_issues

 

 N/A
Apple Media Software  

iTunes: v12.8.0.150 – https://support.apple.com/kb/dl1814?locale=en_US

 

  

N/A
Don Ho  

Notepad++: v7.5.8 – https://notepad-plus-plus.org/news/notepad-7.5.8-released.html

 
Evernote  

Evernote: v6.14.5.7671 – https://evernote.com/security/updates

 
FileZilla FTP Solution  

FileZilla: v3.35.2 – https://filezilla-project.org/versions.php

 

 N/A
GNOME Foundation Image Processing and Editing  

GIMP: v2.10.6 – https://www.gimp.org/release-notes/gimp-2.10.html

 
Google Browser  

Chrome: v68.0.3440.106 – https://chromereleases.googleblog.com/2018/08/stable-channel-update-for-desktop.html

 

 N/A
KeePass Password Manager  

KeePass: v2.39.1 – https://keepass.info/news/n180506_2.39.html

 
Mozilla Browser and Email Application  

Firefox: v61.0.2 – https://www.mozilla.org/en-US/firefox/61.0.2/releasenotes/

 

Thunderbird: v60.0 – https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/

 
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
August 28, 2018
Love0
|||

Third-Party Patch Update: June 2018

By News

Third Party Software Updates: June 2018

Roku TV & Sonos IoT devices, which are widely used in businesses that handle sensitive consumer data, such as credit card number and health records, are vulnerable to DNS hacking. These two IoT devices are frequently installed within fast casual dining, medical and dentist businesses.

These devices can be exploited thanks to two common IoT issues; IoT devices do not require authentication for connections received on a local network and because HTTP is more prevalent to control embedded devices.

These vulnerabilities could enable anyone to “virtually map” your network, which has much wider consequences such as DoS (Denial of Service) to your most critical infrastructure, disrupting your end user experience or potentially planning much more sophisticated cyber warfare.

Just imagine what could happen if a hacker could learn the OS host name & IP information for all your servers.

Both Roku and Sonos are actively working to resolve these issues, but updates will be necessary to secure your devices.

Start a trial with Syxsense and see if these devices are in your network.

Third-Party Patch Updates

Below is a table of third-party updates from June 2018: 

Vendor Category Patch Version and Release Notes: CVSS SCORE
Adobe Media Software  

AIR: v30.0.0.107 – https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html

 

Flash Player: v30.0.0.113 – https://helpx.adobe.com/security/products/flash-player/apsb18-19.html

 

 N/A
Citrix  

Citrix Receiver: v4.12 – https://docs.citrix.com/en-us/receiver/windows/current-release.html

 
Evernote  

Evernote: v6.13.13.7425 –

 
FileZilla FTP Solution  

FileZilla: v3.34 – https://filezilla-project.org/versions.php

 

 N/A
Google Browser  

Chrome: v67.0.3396.99 – https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-chrome-os_26.html

 

 N/A
 

Malwarebytes

 Antivirus  

Malwarebytes: v3.5.1.2522 – https://www.malwarebytes.com/support/releasehistory/

 
Mozilla Browser and Email Application  

Firefox: v60.0.2 – https://www.mozilla.org/en-US/firefox/60.0.2/releasenotes/

 
Peter Pawlowski Audio Player  

Foobar2000: v1.4 – https://www.foobar2000.org/changelog

 
Uvnc bvba Remote Access Tool  

UltraVNC: v1.2.2.1

 
WinSCP SFTP, SCP, and FTP client  

WinSCP: v5.13.3 – https://winscp.net/eng/docs/history

 
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
June 27, 2018
Love0
|||||

Third-Party Patch Update: April 2018

By News

Cisco Patches Vulnerability in WebEx

Cisco has just released a CVSS 9 rated update for its WebEx software. In their own words, the unpatched vulnerability “could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.”

The malicious party would share a Flash file via WebEx’s sharing capabilities to gain control of targeted devices.

So what is the best option here? We recommend rolling out the update or removing WebEx. Syxsense can facilitate whichever approach is best for your situation.

Our patch management solution can easily identify which devices are running the WebEx software. From there, setting up a task to deploy the updates is incredibly straight forward.

If you decide to remove WebEx, it’s almost exactly the same process, but at the last step, you select “Uninstall” instead of ‘Install.”

Use an IT management solution that works with you, not against you. Syxsense offers a simple, but powerful approach to patching. Automatically keeps desktops, laptops and remote users up-to-date with patches and software updates.

Start a free trial of Syxsense today.

Third-Party Patch Updates

Below is a table of third-party updates from April 2018:

Vendor Category Patch Version and Release Notes: CVSS SCORE
Adobe Media Software  

ActiveX: v29.0.0.140 – https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

 

Flash Player Plugin NPAPI: v29.0.0.140 – https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

 

Flash Player Plugin PPAPI: v29.0.0.140 – https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

 

 N/A
 

 
Evernote Corporation  

Evernote: v6.11.2.7027 – https://evernote.com/download

 

 N/A
FileZilla FTP Solution v3.32 – https://filezilla-project.org/versions.php

 

 N/A
Google Browser  

Chrome: v66.0.3359.117 – https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html

 

 N/A
 

Malwarebytes

 

 Antivirus  

Malwarebytes: v3.4.5.2467 – https://www.malwarebytes.com/support/releasehistory/

 
Oracle  

JavaJRE and JDK: v8u172 – http://www.oracle.com/technetwork/java/javase/8u172-relnotes-4308893.html

 
Wireshark Network Protocol Analyzer  

2.4.6 – https://www.wireshark.org/docs/relnotes/wireshark-2.4.6.html

 

 N/A
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
April 24, 2018
Love0
|||

Third-Party Patch Update: March 2018

By News

Will the IoT bankrupt your business?

Research on the Internet of Things is not painting a pretty picture. According to research firm Gartner, approximately 20% of organizations have experienced at least one IoT attack in the past three years. There’s also a report from BullGuard showing that 37% of those surveyed had no idea how to protect IoT devices.

The biggest conclusion from this research: businesses are going to spend a lot trying to prevent IoT-based attacks. Gartner’s forecast conservatively estimates that IoT security spending will reach $1.5 billion this year, but will explode to $3.1 billion by 2021.

Compliance is expected to be the primary cost-increasing factor.

It’s believed more regulations will be created, causing more work for IT managers. With the proliferation of IoT devices, reporting for compliance may become nearly impossible.

However, Syxsense has an answer. Our Device Discovery feature can already detect the IoT devices within your environments. And with our comprehensive reporting, you can generate easy to understand reports for any compliance need.

Be prepared for the IoT and start a trial of Syxsense today!

Third-Party Patch Updates

Below is a table of third-party updates from March 2018:

Vendor Category Patch Version and Release Notes: CVSS SCORE
Adobe Media Software  

AIR: v29.0.0.112 – https://helpx.adobe.com/flash-player/release-note/fp_29_air_29_release_notes.html

 

Flash Player: v29.0.0.113 – https://helpx.adobe.com/flash-player/release-note/fp_29_air_29_release_notes.html

 

Shockwave Player: v12.3.2.202 – https://helpx.adobe.com/shockwave/release-note/release-notes-shockwave-12.html

 

 N/A
Don Ho  

Notepad: v7.5.6 – https://notepad-plus-plus.org/news/notepad-7.5.6-released.html

 

 N/A
Evernote Corporation  

Evernote: v6.10.3.6921 – https://evernote.com/download

 

 N/A
FileZilla FTP Solution v3.31 – https://filezilla-project.org/versions.php

 

 N/A
Google Browser  

Chrome: v65.0.3325.184 – https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-chrome-os_23.html

 

 N/A
 

Irfan Skiljan

 

 IrfanView: v4.51 – https://www.irfanview.com/main_history.htm
 

Malwarebytes

 

 Antivirus  

Malwarebytes: v3.4.4.2398 – https://www.malwarebytes.com/support/releasehistory/

 
Mozilla Brower and Email Client  

Firefox: 59.0.2 – https://www.mozilla.org/en-US/firefox/59.0.2/releasenotes/

 

Thunderbird: 52.7.0 – https://www.mozilla.org/en-US/thunderbird/52.7.0/releasenotes/

 

 N/A
 

The Document Foundation

 

 LibreOffice: v6.0.2 – https://www.libreoffice.org/download/release-notes/
 

 

VSRevoGroup

  

RevoUninstallerFree: v2.0.5 – https://www.revouninstaller.com/revo_uninstaller_full_version_history.html

 

RevoUninstallerPro: v3.2.1 – https://www.revouninstaller.com/revo_uninstaller_pro_full_version_history.html

 
 

WinSCP

 

 WinSCP: v5.13 – https://winscp.net/eng/docs/history
Wireshark Network Protocol Analyzer  

2.4.5 – https://www.wireshark.org/docs/relnotes/wireshark-2.4.5.html

 

 N/A
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
March 28, 2018
Love0
|||||

Internet of Threats: Third-Party Patch Update

By News

Managing the Risks of IoT

Our definition of a necessary third-party patch is about to get much broader. With more IoT devices connecting to your network, it becomes mandatory to know what’s out there.

Back in May 2017, an 11-year old boy took the stage and showed that cybersecurity is about to get much more difficult. Using a Raspberry Pi, Python, and a Wi-Fi enabled teddy bear, this ‘cyber ninja’ scanned a cybersecurity conference and hacked devices from the audience.

Reuben Paul, the boy in question, tweeted after: “It was fun but I hope people did not miss the message – Secure IoT before the Internet of Toys becomes the Internet of Threats.”

This lesson must not be missed. We must find a way to secure the Internet of Things. Attacks are already being executed taking advantage of the IoT. When an 11-year-old can illustrate the dangers using a teddy bear, it’s time to take a hard look at what any of us are doing to protect our businesses.

We’ve already begun to see the IoT change the way we live and work. As this trend accelerates, solutions need to emerge to protect our privacy.

Syxsense is ready and at the forefront of that battle. Our product is the first of its kind; able to detect and manage devices in the IoT.

Come see the future of IT management and start a trial of Syxsense.

Third-Party Patch Updates

Below is a table of third-party Updates from January 2018:

Vendor Category Patch Version and Release Notes: CVSS SCORE
Adobe Media Software  

Flash, AIR, and ActiveX: 28.0.0.137 – https://helpx.adobe.com/flash-player/release-note/fp_28_air_28_release_notes.html

 

 N/A
Apple Media Software  

iTunes: 12.7.3 – https://support.apple.com/kb/dl1814?locale=en_US

 

Safari: 11.0.3 – https://support.apple.com/en-us/HT208475

 

macOS High Sierra: 10.13.3 – https://support.apple.com/en-us/HT208465

 

 CRITICAL
Don Ho  

Notepad: 7.5.4 – https://notepad-plus-plus.org/news/notepad-7.5.4-released.html

 

 N/A
Evernote Corporation  

Evernote: 6.8.7.6387 – https://evernote.com/download

 

 N/A
FileZilla FTP Solution 3.30 – https://filezilla-project.org/versions.php

 

 N/A
Google Browser  

Chrome: 64.0.3282.119 – https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html

 

 N/A
Mozilla Brower and Email Client  

Firefox: 58.0.1 – https://www.mozilla.org/en-US/firefox/58.0.1/releasenotes/

 

Thunderbird: 52.6.0 – https://www.mozilla.org/en-US/thunderbird/52.6.0/releasenotes/

 N/A
Oracle  

JavaJDK: 8u162 – http://www.oracle.com/technetwork/java/javase/8u162-relnotes-4021436.html

 

JavaJDK: 9.0.4 – http://www.oracle.com/technetwork/java/javase/9-0-4-relnotes-4021191.html

 

 N/A
Wireshark Network Protocol Analyzer 2.4.4 – https://www.wireshark.org/docs/relnotes/wireshark-2.4.4.html N/A
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
February 1, 2018
Love0
||

Troll Ransomware: Third-Party Patch Update

By News
[vc_single_image source=”featured_image” img_size=”full”]

What is Troll Ransomware?

This year has had many major ransomware and data breach events. From BitPaymer to the Equifax Hack, when the news hasn’t been dominated by Trump, it’s been focused on cybersecurity.

This has clearly caught the attention of the dark web. In just the past month, many new ‘troll’ ransomware variants have been discovered. These variants mimic some of the major players from this year, such as WannaCry.

The difference, however, is no data gets encrypted. They appear to exist just to cause panic and make the victim believe they are compromised when they really aren’t.

As is common with internet trolls, this creates confusion and frustration. How do you know if you are a victim of WannaCry or just an imposter? And how easy would it be for these trolls to go from upsetting prank to true ransomware attackers?

The best way to protect yourself is to implement a thorough patching strategy. Utilizing a solution like Syxsense facilitates smooth patch deployments. Set up automated patching tasks to ensure that when critical updates are released they get deployed to devices that need them. Patching removes exploits that ransomware tends to target.

Start your free trial with Syxsense today.

[vc_single_image image=”12852″ img_size=”180×180″ alignment=”center”]

November Third-Party Patch Updates

Below is a list of 3rd Party Software Updates for the month:

Vendor Category Patch Version and Release Notes Link:
Adobe Media Software Flash, AIR, and ActiveX: 27.0.0.187 – https://helpx.adobe.com/flash-player/release-note/fp_27_air_27_release_notes.html

 

Shockwave: 12.3.1.201 – https://helpx.adobe.com/security/products/shockwave/apsb17-40.html

 
Apache Word Processor OpenOffice: 4.1.4 – https://blogs.apache.org/foundation/entry/the-apache-software-foundation-announces19

 
Apple Media Software iTunes: 12.7.1 – https://support.apple.com/kb/dl1814?locale=en_US

 
Citrix Data Delivery Receiver: 4.10 – https://docs.citrix.com/en-us/receiver/windows/current-release.html

 
FileZilla FTP Solution 3.29 – https://filezilla-project.org/versions.php

 
Foxit PDF Reader Reader: 9.0 – https://www.foxitsoftware.com/pdf-reader/version-history.php

 
Google Browser Chrome: 62.0.3202.97 – https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-chrome-os_15.html

 
Malware Bytes Malware Defender

 

 3.3.1 – https://www.malwarebytes.com/support/releasehistory/

 
Mozilla Brower and Email Client Firefox: 57 – https://www.mozilla.org/en-US/firefox/57.0/releasenotes/

Thunderbird: 52.5.0 – https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/

 
Wireshark Network Protocol Analyzer 2.4.2 – https://www.wireshark.org/docs/relnotes/wireshark-2.4.2.html

 
[vc_separator css=”.vc_custom_1494871528028{padding-top: 15px !important;padding-bottom: 5px !important;}”]

Start Patching

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fdev-syxsense.pantheonsite.io%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
November 29, 2017
Love0