Let's talk shop!
June 2022

Every month, we share a thorough rundown of Patch Tuesday with videos and advice from our experts. Join our thread on Slack – we’ll help you prioritize this month's releases so you can get back to your day faster. Automox-Community Slack (this will expire in 30 days from 6/6)

You can also bookmark our Patch Tuesday Rapid Response Center for easy access to our month-by-month patch index. Be sure to sign up for vulnerability alerts, too! Our latest Blog post about this month’s Patch Tuesday vulnerabilities is now live on the Automox home page as well: https://www.automox.com/blog/Patch-Tuesday-june-2022

Be sure to visit the official Automox social media accounts for additional short form videos:
YouTube: CVE-2022-30136, CVE-2022-30139, CVE-2022-30163
TikTok: CVE-2022-30136, CVE-2022-30139, CVE-2022-30163
Hello, I have multiple users experiencing issues with workstation patching. Whenever a user clicks “Reboot Now” when prompted, nothing happens. We can click the “Reboot Now” button multiple times and get no response. After waiting for 15-20 minutes, they manually reboot the machine, only for Automox to reboot their computer later in the day, causing them to lose work. Any ideas on what can be done to prevent this from happening? And has anyone else experienced this issue?
April’s Patch Tuesday drops 129 vulnerabilities – the most we’ve seen since 2020. Join us tomorrow, April 13th at 12 pm ET for a review of this month’s patches and guidance on how to prioritize your remediations fast. Jessica Onorati, Team Lead of Organizational Security, joins our Patch Tuesday experts, Eric Feldman and Adam Whitman, to dive into this month’s announcement.
Happy Tuesday, everybody! While we all recover from another Monday that seemed to have too many hours somehow, let’s talk about a couple of security stories:

State Department Announces Bureau of Cyberspace and Digital Policy -- Well, how do you do? This seems pretty important! From the article: “The new cybersecurity bureau reflects the growing importance of cybersecurity in national policy, economy, and defense. The CDP bureau includes three policy units: International Cyberspace Security, International Information and Communications Policy, and Digital Freedom, says the State Department.” I think this is a great step, since our previous “administration” did away with some high-ranking positions in cybersecurity.

Germany takes down Hydra, world's largest darknet market -- I have to be honest here: on first glance, I figured this was something to do with “the Marvel universe”. In spite of that, I kept reading, as it was super interesting. From the article: “The servers of Hydra Market, t
On Thursday, March 31st, Apple released patches to fix two zero-day vulnerabilities in macOS, iOS, and iPadOS. This marks the fourth and fifth zero-days of 2022 for the OSs listed above. The vulnerabilities are as follows:

CVE-2022-22675: A vulnerability in AppleAVD, Apple’s audio and video decoding framework, affects all three operating systems and may have been actively exploited. When exploited, the vulnerability may allow a threat actor to execute arbitrary code with kernel privileges.

CVE-2022-22674: An out-of-bounds read issue with the Intel Graphics Driver that may allow an application to view kernel memory, only affecting macOS. This vulnerability may have also been exploited in the wild.

So, why are kernel-related vulnerabilities dangerous? Kernel-related exploitations can be particularly dangerous as the kernel is a central component of operating systems (OS) that connects the physical hardware (CPU, memory, etc.) with the software on the operating system.

Apple has release
For those of you that have been following along with the Spring4Shell saga at home, yesterday, CVE-2022-22965 was assigned and published for the critical remote code execution vulnerability in Spring Framework dubbed “Spring4Shell.”

A patch was also released by Spring - so upgrade to Spring Framework 5.3.18 or 5.2.20 as soon as possible to remediate CVE-2022-22965. Additional details on the patch and workarounds for those unable to patch immediately can be found on the Spring Blog post.

Read all of the past updates about Spring4Shell on the Automox blog: https://www.automox.com/blog/spring-cloud-core-vulnerabilities
Hey, y’all - happy Tuesday! While we were all busy being distracted by ridiculous people on awards shows, there was a lot going on around us. Let’s check out a few stories from the world of security news.

CISA warns of attacks targeting Internet-connected UPS devices -- Oh man, that’s an infuriating one. Stay out of my power supply, jerks! I guess some organizations use this for management of the device over the internet, but...it’s just a power supply. If that’s not necessary, go disconnect that thing’s network cable. From the article: “Recommended mitigation measures include finding all UPSs and other emergency power systems on orgs' networks and ensuring they're not reachable over the Internet.”

Shutterfly discloses data breach after Conti ransomware attack -- Image provider Shutterfly disclosed this week a ransomware attack that led to a data breach back in December. That’s bad for folks who work there or use the service, so be sure to update your creds and keep an eye on your credit report/
Happy Tuesday, y’all - and now it’s over because we’re talking about Russia today! Mainly, because I think it’s important to get some eyebrows raised before it’s too late. (<--fun fact: that’s the scariest book I’ve ever read!) Hackers/APTs associated with Russian IPs/groups have already been scanning the networks of US-based companies in the energy, finance, and defense sectors, prompting President Biden to issue his recent warning to American businesses. PLEASE TAKE THIS SERIOUSLY. For a great perspective on all this (and a quick read), check out this blog from our Director of InfoSec/Research.

Let’s get diligent, y’all!
Keeping an ear out for new vulnerabilities is part of the daily routine for those of us in the IT/cybersecurity world. But when we see a new one, how do we know if it’s a “drop your coffee and get to it” type of scenario or not? One keyword to help is “zero-day”. Sounds pretty intense. Let’s explain it!

What does Zero-Day mean?

Zero-day is the identifier for “a vulnerability in a system or device that has been disclosed but is not yet patched.” That’s because, according to Wired, “The term "zero-day" refers to the number of days that the software vendor has known about the hole.” As you can imagine, this can be cause for concern since it can’t be patched, leaving systems vulnerable to exploitation by the bad guys.

What can I do in response to a Zero-Day?

Unfortunately, it can feel frustrating to see a zero-day when you know there’s no fix to implement. The good news is, even though no patch is released, sometimes there are other actions that the researcher offers to mitigate the possibili
Happy Ides of March, y’all! I guess that’s a bit of an oxymoron, but it’s fine. While we were all eating sandwiches and pretending to work but looking at houses online, a lot of serious security stories broke. As you can suspect, a lot of them have to do with the Russia/Ukraine stuff.

Thousands of Secret Keys Found in Leaked Samsung Source Code -- OOF. From the article: “The firm’s researchers have yet to determine how many of the exposed keys are valid. However, their analysis showed that 90% are likely associated with internal systems and “can be more challenging for an attacker to use.” On the other hand, the remaining keys — roughly 600 of them — can grant attackers access to a wide range of systems and services.” About 10% of those keys are for external services too, like GitHub and AWS. Yikes.

German government advises against using Kaspersky antivirus -- Well, this is pretty similar to some former warnings about Kaspersky and it’s no surprise. Founder/CEO Eugene Kaspersky raised some ire
Hello Community - Happy Spring! I don’t know if it’s spring quite yet for you, but let’s just pretend like it is. It’s time to review Patch Tuesday, so let’s get right into it!

Microsoft had 71 vulnerabilities this month - in line with the 12-month rolling average of 73 per month we’ve seen. Only 3 of these are rated critical. And more good news, no exploited vulnerabilities so far this year! That being said, updates should not be delayed.

Apple disclosed multiple vulnerabilities throughout last month requiring updates to iOS, iPad, watchOS and macOS. Since Apple doesn’t discuss or confirm vulnerabilities until they’ve conducted their own investigation, we recommend prioritizing these updates for your organization.

Google released Chrome 99, and if you haven’t updated yet, be aware that there is an actively exploited zero-day in Chrome 99. They also released a total of 34 security fixes for the month. Be sure to update your instances of Chrome as soon as possible.

Adobe has released upd
Hi, everybody - and Happy International Women’s Day! As someone who was #RaisedByLadies, this one’s near and dear to my heart. I think Adam “MCA” Yauch said it best, way back when I was in high school:

“I want to say a little something that's long overdue
The disrespect to women has got to be through
To all the mothers and the sisters and the wives and friends
I want to offer my love and respect to the end” - “Sure Shot”, 1994

On to some security news!

Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure -- From the article: “Three critical security vulnerabilities in widely used smart uninterruptible power supply (UPS) devices could allow for remote takeover, meaning that malicious actors could cause business disruptions, data loss and even physical harm to critical infrastructure, researchers have found.” The words “critical infrastructure” are sadly gonna be the summer hit of 2022, I’ve got $5 on it.

Google: Chinese hackers target Gmail users affiliated with US govt
VULNERABILITY UPDATE: Zero-Day RCE Vulnerabilities Released for Mozilla Firefox
It’s a two-fer on a Monday! Quick update for a couple of zero-day remote code execution CVEs discovered in Mozilla Firefox. On the AX Blog, our Technical Marketing Engineer, @JessicaS-Automox has put together a breakdown and remediation steps to take.

From the blog: “Mozilla released an out-of-band patch for Firefox that addresses two critical vulnerabilities (CVE-2022-26485 and CVE-2022-26486). Both are actively exploited in the wild as zero-days. Both are use-after-free issues in the browser’s XSLT processing and WebGPU IPC frameworks, respectively...Given this is an actively exploited zero-day, it’s recommended that IT admins prioritize patching this vulnerability within 24 hours to reduce exposure to malicious actors. For Firefox, Firefox ESR, and Thunderbird, you can fix vulnerabilities fast with Automox by using a patch-all policy for Windows and Mac (which will patch every third-party software we support on these OSes). Patch all policies ensure you fix vulnerabilities fast in th
Well, what would a Monday morning be without some vulnerabilities to talk about? Over on the Automox Blog, @Peter-Automox has a breakdown of “Dirty Pipe” - a newly-disclosed kernel-level vulnerability in the Linux OS.

From the AX blog: “Dirty Pipe is a vulnerability in the Linux Kernel disclosed Monday morning. Dirty Pipe, or CVE-2022-0847, allows overwriting data in arbitrary read-only files. This can lead to privilege escalation and code injection into root processes. The vulnerability exists in all Linux kernel versions from 5.8 forward and has been patched in Linux 5.16.11, 5.15.25, and 5.10.102….Given the prevalence of Linux in highly sensitive infrastructure, this is a very important vulnerability to mitigate. It is highly recommended that IT and SecOps admins prioritize patching and remediation of this vulnerability in the next 24 hours to reduce organizational risk from this vulnerability.”

Remediation steps: If you don’t have an existing Linux patch policy, we recommend a Patch
Wait, it’s already March!?

Happy Tuesday, y’all. As I type this, there is a lot going on that we could talk about, obviously. But let’s keep it “light” and just talk about a few stories that were in the news this week. Yes, we’ll have to mention Russia. But the good news is, I’ve been given approval by the Automox Party Department® to allow you all to start a drinking game based around those mentions. If it’s past noon and you see me mention “Russia”, do what you will. :)

NVIDIA confirms data was stolen in recent cyberattack -- Graphics card giant NVIDIA has confirmed “a cybersecurity incident which impacted IT resources.”, from back in November. The threat actor compromised the NVIDIA network and stole employee credentials/proprietary information. The company noted that the incident isn’t expected to disrupt its business.

Microsoft Accounts Targeted by Russian-Themed Credential Harvesting -- Hey, everyone take a drink! Anyways, phishing emails to MS users warning of Russian-led account hacking h
It’s Twosday!

Hooooooo-wee! Now that the internet is back, I guess we’ll just talk about this AWS/Slack/etc. outage today, huh? Is it a coincidence that it’s happening on Tuesday, 2/22/22?? The conspiracy theorist in me sure doesn’t think so, but the numerologist in me is finishing up a sandwich and can’t currently be bothered. Either way, pretty rough morning for some folks out there.

Our own AX Systems team shared a handy graphic with us earlier, showing various sites/services that were likely impacted. Check it out: Woof.

It sounds like more CDN issues, but that’s not much comfort because you know what everybody loves? Content. So if you’re currently waiting for the cloud to come back before you can shop at Walmart or ride your stationary bike, I’d just like to ask you to pause and take a look at the future you’re living in right now. Regardless of what you see on the news, it can be pretty amazing. Now go get on your real bike and start pedaling for Walmart. We’ll get back to our regu
It wouldn’t be the Friday before a three-day weekend without a new vulnerability. Or, a new vulnerability from a familiar face. Last week, @Peter-Automox wrote about Adobe’s out-of-band updates to patch a critical vulnerability in Adobe Commerce and Magento Open Source. That vulnerability, CVE-2022-24086, is an improper input validation flaw that allows arbitrary code execution and nets a 9.8/10 CVSS score. For this vulnerability, Adobe has released an out-of-band update on Monday, February 14th to remediate the vulnerability.

But the fun doesn’t stop there! Adobe has revised the initial security bulletin to include another emergency patch for another zero-day discovered in Magento and Commerce. This new vulnerability, CVE-2022-24087, is also an improper input validation issue similar to their previous vulnerability.

This new vulnerability is equally as severe, with a 9.8/10 CVSSv3.1 score, but Adobe is not aware of any exploitation in the wild of this vulnerability. We recommend priorit