Let’s patch FileZilla using System Center 2012 R2!

,

While patching Microsoft applications these days might be easy using System Center or WSUS, non-Microsoft applications usually get forgotten. With the vast majority of vulnerabilities being present in your non-Microsoft applications you can no longer simply take a guess at what to package up. How easy is it using a tool that has been specifically created for this problem? Let’s patch FileZilla 3.0.2.1 to 3.7.3

Out of date versions are a security issue

Out of date versions are a security issue

 

The process of patching using the Flexera Corporate Software Inspector is very easy, with it setup the data for the machine was already in the handy System Center plugin and asking to be updated:

SPS1

The SPS is a dynamic list, only showing you what your environment needs unlike a traditional catalogue

 

Using the wizard the process was as simple as “next, next, publish” and the package was created:

SCCMUpdates

Did you know you can also drive auto deployment rules?

 

Finally we deploy the package via System Center:

DeploySoftware

Deployment is no different to a Microsoft patch!

 

From here you use the built in configuration manager options to deploy the software (patch FileZilla), either by a deadline, or by when the end user wants it:

Ready to install

Deadlines and maintenance windows can be used like normal

 

And we are done!

FileZillaPatched

The process took only a few minutes!

 

If you would like to see more on how to patch FileZilla, including the wizard and also the huge database of products ready to be deployed, contact us for more information!

 

 

Update 1:

Below is the video of me conducting this, only 2 minutes long!

 

Are you patching effectively?

,

Patching is critical to keep your business secure, but many people think they can do it better manually. Even worse, when patching manually with no vulnerability scanning you never get an accurate picture of what needs to be secured on your network. Are you patching effectively?

Think you are doing a good job? Take one of our quick-scans and find out how you stack up, and then let us show you how you can do it better.

Australian Signals Directorate – “Security patching is key”. How compliant are you?

, ,

The Australian Signals Directorate (ASD) consider the timely deployment of application patches a core function in IT management. Security Patching is key to reducing an organisation’s vulnerability level on applications and operating systems.

In fact, the ASD currently rates application patching as one of the most effective security practices agencies can perform to mitigate targeted cyber intrusions.
Even so, we continually see organisations failing to implement a strategy to effectively manage this ongoing challenge.

QuickScan2

Did you know?
The majority of successful cyber-attacks use publicly known vulnerabilities for which a patch is available. This means that a good portion of these attacks could have been avoided if companies and organisations had used vulnerability intelligence to mitigate the risks.

Want to find out how vulnerable your organisation is?
Get a Quick Scan – we can tell you in just a few minutes how secure you actually are.
If you’d like to learn a bit more first, contact us for more information.

QuickScan5

Quickscan results showing the 3rd party application risk in your environment.

How can we help?
The Corporate Software Inspector from Secunia (now part of Flexera Software) is the intelligent 
solution to manage your security patching, enabling you to assess, prioritise and execute software vulnerability remediation to reduce risk. CSI tells you the when, where, what and how of security patching and alerts you you when a software vulnerability with an available patch is threatening your infrastructure, where it will have the most critical impact, what the right remediation strategy is and how to deploy it.

The Corporate Software Inspector lets your team know what to patch for maximum impact and consistent risk reduction. You get complete visibility of your systems, stay current and reduce the cost of your patch process significantly.

Thomas Duyrea and emt Distribution win at Global Secunia Partner Conference

,

We’re pleased to annouce that our partner Thomas Duryea brought home the Secunia Global Partner of the Year at the Secunia Partner conference held in Prague earlier this month. “[Thomas Duryea] has demonstrated tremendous capability in achieving net new business,” announced the Danish security vendor.

Our own General Manager, Shane Mahney, also won the “Best Product Manager of the Year” award. Secunia stated that Mahney had worked “across time zones” and regularly spent “weeks on the road” on behalf of the vendor to run “partner meetings, customer meetings and workshops educating partners”.

secunia_partner_conference_2015_awards

At the partner conference in Prague. From left to right – Shane Mahney (General Manager, emt Distribution Australia), Victoria Bentham (Regional Director, UKI/APAC), Thomas Todt (Sales Engineer, Secunia), Jarrod Vassalla (National Practice Manager, Thomas Duryea), Peter Colsted (CEO, Secunia) and Glenn Mahney (Secunia Partner Manager, Australia)

Read more: http://www.crn.com.au/News/409166,thomas-duryea-brings-back-the-goods-from-prague.aspx

 

Drive-by downloads, being exploited without knowing

,

Imagine this, your employee is browsing the internet for recipe ideas for that night’s dinner, after a few different places they stumble upon the website of a well known chef with exactly what they want.

Just a few moments later you get a call, their machine is showing a well known ransomware landing page and the malware is currently making its way through your network drives encrypting your data. How did this happen? They never clicked any malicious looking emails, and they never browsed to any websites that weren’t reputable, and yet they have been hit with ransomware.

Fiesta EK attack paths

Fiesta EK attack paths

What has happened is a drive-by download, malicious exploit kits being quietly downloaded in the background and exploiting known vulnerabilities for software that has not been patched. Just simply by going to the website the script was actioned, the exploit kit downloaded and then the malware payload dropped onto the machine.

While this may sound like something that would only happen to people browsing ‘dodgy’ websites, keep in mind that just this year jamieoliver.com has been exploited three times with this exact method; February, March and May. As part of the exploit the ‘Fiesta EK’ was downloaded, which has been known to prey on vulnerabilities in unpatched versions of Flash, Silverlight, IE, Reader and Java. It has also been known to drop TeslaCrypt, a well known piece of ransomware that has been spawned off the previous ‘successes’ of the well known Cryptolocker.

FiestaEK

Script calling the Fiesta Exploit Kit to be downloaded

So how do you protect against these seemingly undetectable threats? Fancy IPS or IDS systems, antivirus or malware analysis systems?

No, the solution is much more simple than that; patch your software.

It really is that simple, by patching the vulnerabilities that these exploit kits use to drop the malware you close the loop and stop the exploit from being successful. In the case of the Fiesta EK patching your Microsoft vulnerabilities simply will not do anything to stop the kit, you MUST patch your third party as well.

emt distributes to APAC software from Secunia that specifically helps you do this, see more at https://www.emtdist.com/secunia/