xAssets Industry Information Resource
Links to Useful Articles Relating to Asset Management and Cloud Computing

Industry Resource - Jan 2018


Amazon, Salesforce Shifting Business Away From Oracle: Report

Two of Oracle's biggest customers, Amazon and Salesforce, are planning to replace Oracle software running on crucial business systems. Both companies plan to use lower-cost open-source database software. The companies have made significant progress toward replacing Oracle altogether. Although Oracle's database is considered by many to be the most advanced, it's also expensive and comes with complex licensing terms. Amazon has switched over two internal databases that run its e-commerce operation to open-source NoSQL. Salesforce has also been developing a database replacement, code-named Sayonara (Japanese for "goodbye"), and is now ready to deploy it internally.

Un-clear and Present Danger

Fileless malware, also known as Advanced Volatile Threat, is malware that can launch without being stored on a system's hard drive. Traditional forms of malware saved their payload to a drive, either as an executable file or script. It was then executed or scheduled to run at a later time or date. Anti-virus software exploits this design by intercepting accesses to the file store. AV software can then detect the creation of a file and interrogate it for signatures of known malware. When detected, the malware is deleted or quarantined before it can run. Consequently, if malware doesn't write any code to disk, the AV software never sees it. Even if the malware's signatures are known, the code will never be discovered.

Cisco Releases Security Connector App For iOS Devices

Cisco recently announced the availability of Cisco Security Connector on the App Store. The offering is a security app that will give enterprises the deepest visibility and control over network activity on iOS devices. The primary benefits of the Cisco Security Connector app are enhanced visibility into incident investigations involving enterprise-owned iOS devices and better control over iPhone and iPad users who may connect to malicious sites.

Windows Patches: Microsoft Kills Off Word's Under-Attack Equation Editor, Fixes 56 Bugs

In its first security update for 2018, Microsoft fixed 56 flaws and included a fix for a new Office vulnerability caused by Word's built-in Equation Editor that is currently being exploited by hackers. The update follows Microsoft's emergency patches for the Meltdown and Spectre CPU attacks. Among the 56 fixes in this update, Microsoft addressed the Equation Editor flaw in Office it patched in 2017. A cybercriminal group started to exploit that flaw soon after Microsoft released the patch.

Trust Is Not a Strategy for Cybersecurity

Cyberattacks are ongoing activities, not discrete events. To compound matters, digitalization and connectivity are heightening companies' cyber risk. A breach of a single connected operational technology system puts every device on the network at risk. Low-security, unpatched and small networks provide easy access for cybercriminals. Human error and negligence are also major cyber risks. To establish and sustain cybersecurity, greater awareness of threats and a detailed knowledge of the components on the network are critical. In addition to mastering basic security measures, companies need to proactively detect and respond to attacks.

Half a Million Users Affected By Malicious Chrome Extensions

US-based IT security company ICEBRG recently discovered four Chrome extensions containing malicious code that were distributed through the official Chrome Web Store.
The company revealed that these extensions were primarily used to conduct click fraud and/or SEO manipulation. However, they could also provide cyber criminals with a way to access a corporate network, and a means to steal proprietary information. ICEBRG said the investigation was prompted by an anomalous spike in outbound network traffic from one of its customer's workstations. The investigation resulted in the discovery of the four malicious extensions: Change HTTP Request Header, Nyoogle - Custom Logo for Google, Lite Bookmarks, and Stickies - Chrome's Post-it Notes.

How to Choose the Right Asset Management Software

Selecting the best IT asset management software for your business requires time and effort. With all the options available, one-size-fits-all does not apply. A solution that works for one company might not be a good fit for another. Evaluating options can be a time-consuming task, especially if IT management does not have a clear idea of the needed functionality. There are six important aspects that must be considered in selecting an IT asset management software solution. They include: Accessibility, Mobility, Features, Scalability, Pricing and Support.

How IT Can Improve Asset Management

IT asset management challenges are numerous. They range from locating an old decommissioned server in the closet of a remote field service office, to discovering software that has become shelf-ware, to reallocating IT assets that are only being utilized to about 20% of capacity. The organization continues to pay maintenance and licensing costs on these underused assets, draining the IT budget. There are IT asset management best practices that can be applied to address these problems. Four IT asset management cornerstones that comprise some of the best practices include: 1) implementing an asset management software solution, 2) assigning a person or group to be responsible for managing corporate IT assets, 3) making asset management an integral part of IT budget planning and execution and 4) periodically performing a manual inventory of the physical, software and cloud-based assets.

How to Manage Your Software and Hardware Assets

Hardware, software, and network management programs can result in tangible benefits to any company. Firms that have and maintain an in-depth understanding of what devices comprise the network can make deliberate decisions when procuring additional assets. They avoid unnecessary purchases, negotiate better contracts, and maximize the benefits of the IT budget spend. Good visibility of the company's IT assets enables IT management to ensure license compliance and implement improved security initiatives. In addition, productivity improves as service desk agents armed with detailed asset descriptions are better equipped to troubleshoot and resolve end-user issues.

Mobile Devices and the Industrial Internet of Things (IIoT)

When attempting to secure general purpose and industrial IoT (IIoT) devices, IT pros consider limiting access to networks, especially those that don't use encryption; ensuring devices have current firmware and strong passwords; and using caution with regard to devices with cloud services. However, with so many BYOD and corporate-owned devices on enterprise networks, the attack surface is much larger than that of traditional networks. End-user devices may be unpatched because no patch is available from the carrier or manufacturer, may have vulnerable or otherwise risky apps, or may have apps that send sensitive data to questionable sites on the Internet. Consequently, the proliferation of mobile devices has significantly added to the overall vulnerability of the network.

The Future of AI and Endpoint Security

In the past it was sufficient to install antivirus software across a network to maintain a reasonable level of endpoint protection. Unfortunately, this is no longer the case. With the growth of bring your own device (BYOD) policies and the number of smart devices available on the market, there are more endpoints than ever. Consequently, endpoint security has never been more under threat. A number of studies have indicated that between 70% and 95% of security breaches originate at endpoints.

High Mobile Device Adoption In Workplace Adds To Network Security Woes

The proliferation of bring-your-own-device (BYOD) programs is exposing corporate networks to complex cybersecurity threats. Security company Fortinet warns that vulnerabilities include shadow IT and data leakage. Employees expect to use their mobile devices at all times, and firms are allowing staff to access the corporate network from their personal devices, with minimal control over application use.

The Benefits of a Subscription Service

Software has typically been acquired with a perpetual license, whereby firms pay for the number of licenses required for their workforces. However, software vendors have recently been moving to subscription services. In fact, subscription services benefit both software publishers and their customers, delivering a new level of flexibility and agility. Subscription services change the way that software expenses are accounted for. With a perpetual license, software is typically treated as a capital expenditure (CAPEX); subscription services are treated as an operating expense (OPEX). The difference in accounting gives corporations more flexibility and an easy means of using the most current version of the software.

Increase in Audits Makes Software Asset Management a Solid Investment

It is virtually guaranteed that any company that uses software will be targeted for a software audit at some point. According to some experts, it's not a question of if, but when a firm will be required to provide evidence of compliance with the terms of its software license agreements with the software vendor. For many firms, software asset management (SAM) tools are a key part of doing business and are critical tools in limiting the impact of vendor audits. The need to track hardware and software assets throughout their entire lifecycle is more important than ever as enterprises migrate to the cloud and invest in virtualization services. According to research by Transparency Market Research, the IT asset management software market is projected to have a CAGR of nearly 7% over the next six years.

How to Respond to a VMware Audit

Businesses facing VMware audits must be prepared to take a number of steps to ensure compliance and avoid worsening any potential copyright infringement claims. These steps include: 1) identifying the source of the audit, 2) preserving the network to prevent spoliation of evidence claims, 3) conducting a comprehensive audit of the network, 4) reviewing the terms of the license agreement for each use case, 5) collecting all entitlements and license agreements and 6) negotiating a resolution of the audit.

Should I Fear the Reaper?

Reaper was first spotted by an Israeli security firm in October 2017. Typically it lies dormant, seeking out Internet of Things (IoT) devices as a means to access other computer systems. It then recruits those devices to a network called a botnet to steal data, distribute spam, and perform other destructive actions. The best way IT can protect the network is to maintain a proactive strategy. Use an IT asset management and anti-virus solution to determine if all available specific security patches are installed, along with other known vulnerabilities and the location of various Reaper control networks.

Cisco: This VPN Bug Has A 10 Out Of 10 Severity Rating, So Patch It Now

Cisco is advising customers of its Adaptive Security Appliance (ASA) software to patch a dangerous VPN bug. Cisco's ASA operating system has a severe double-free vulnerability in the Secure Sockets Layer VPN feature. The company is warning customers that it "could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code". According to Cisco, a successful attack would allow an attacker to take "full control of the system". As a result of the ease of exploitation and the impact, the vulnerability has been assigned a Common Vulnerability Scoring System (CVSS) score of 10 out of a possible 10.

More Than 2,000 WordPress Websites Are Infected With a Keylogger

Researchers recently warned that over 2,000 websites running the open source WordPress content management system are infected with malware. The malware logs passwords along with anything else an administrator or user enters. The keylogger is a component of a malware package that installs an in-browser cryptocurrency miner. The miner runs undetected on the systems of anyone visiting the infected sites.

Industry Resource - Dec 2017


Three Ways That Software Asset Management Can Help Minimize Security Risks

An effective software asset management (SAM) program can do far more than protect companies from the impact of unfavorable software compliance audits. According to Gartner, SAM can reduce software expenditure by 30%, as well as minimizing security risks. With cybersecurity a high priority with CIOs, IDC predicts that global spending on security technology will exceed $80 billion USD in 2017. Despite the focus on cybersecurity, many companies neglect the basics when it comes to protecting their IT assets. One of those basic functions is deploying a robust SAM program. Businesses can use SAM to bolster their cybersecurity, reduce software expenditure, and protect their company from the costs of an unfavorable audit.

How to Conduct a Software Audit

Too many companies lack a mature or even early-stage software asset management (SAM) practice. Consequently, when they are audited for software compliance they may consider themselves to be at the mercy of the auditors when asked for licensing information. This situation can be financially disastrous. Companies that cannot track what software they are using cannot effectively manage their software portfolio. Lack of such information typically results in over-deployment and over-usage of software, creating an environment ripe for an expensive audit. Furthermore, blind cooperation with all information requests received from software auditors can result in the disclosure of more information than necessary to confirm their licensing obligations, which then can result in inflated compliance demands.

Android Security Alert: Google's Latest Bulletin Warns Of 47 Bugs, 10 Critical

Google recently warned Android users and partners about 47 bugs in the operating system.
Ten of the vulnerabilities are rated 'critical' for their potential security impact, while the other 37 are rated as 'high' priority. The company noted that "Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level" and that they should bundle all the fixes in a single update. Among the most severe of these flaws is a critical security vulnerability that could enable a remote attacker to execute arbitrary code within the context of a privileged process. A subset of the group of vulnerabilities includes a flaw which could enable a malicious application to bypass user interaction requirements to gain access to additional permissions.

Security Bug That Let Hackers Steal Banking Passwords Put 10 Million App Users at Risk

A critical security bug that could enable hackers to steal customer usernames and passwords was recently discovered in major banking apps. Researchers from the University of Birmingham and the UK's National Cyber Security Centre worked to identify and fix the vulnerabilities and push the fix to users. The team used a tool called "Spinner", which performs "semi-automated security testing" of mobile apps. The identified apps had a combined user base of tens of millions of users.

New Spider Ransomware Threatens To Delete Your Files If You Don't Pay Within 96 Hours

A new form of ransomware has been discovered by researchers at Netskope. It is distributed through malicious Office documents which, when opened, infect victims with file-encrypting malware. The infected Microsoft Office attachment contains obfuscated macro code which, assuming macros are enabled, permits a PowerShell script to download the first stage of the ransomware. The PowerShell script then performs operations to execute the ransomware payload. An encryptor is then launched, encrypting the user's files, adding a '.spider' extension to them and then displaying a ransom note.

Ai.Type Data Leak: 31 Million Users' Personal Data Exposed Due To Mongodb Cloud Configuration Error

Cybersecurity firm Kromtech Security Center discovered that the virtual keyboard app Ai.Type exposed the personal information of over 31 million users on an unsecured online database. Researchers found that Ai.Type users are required to allow "Full Access" to all of their data stored on their iPhone, including past and present keyboard data. Kromtech wrote in a blog post:
"Based on the leaked database they appear to collect everything from contacts to keystrokes. This is a shocking amount of information on their users who assume they are getting a simple keyboard application. This also exposed just how much data they access and how they obtain a treasure trove of data that average users do not expect to be extracted or data mined from their phone or tablet."

How to Spot Fake Apps, What To Delete If You Download One

Cyber criminals create and distribute fake apps to take control of users' devices to steal information, spy on users and/or bombard users with unwanted ads. Fake apps aren't always suspicious looking and can often resemble popular apps like WhatsApp and Pokémon Go.
While fake apps could resemble popular apps like WhatsApp and Messenger, the counterfeit versions often have red flags. Users should be wary of apps with improper grammar and spelling, unusually low download numbers and excessive permissions. Detected fake apps should be immediately removed by going to the installed apps page and looking for blank spaces where it may be hiding. Lacking any other option, the safest option is to wipe the device's memory and start over again.

Securing Industrial Control Systems Becomes Critical As Manufacturers Add IoT In 2018

As machine-to-machine connectivity expands in the industrial market, security risks are also increasing. New malware threats will continue to attack critical infrastructure systems. For example, according to FireEye, a new type of malware called Triton has shut down the operations of a critical infrastructure organization. The malware specifically targets the Triconex device, which is a safety instrumented system for industrial plants. Security will remain a critical issue for all companies in the new year. A survey recently published by LNS Research found that less than 60 percent of industrial companies use firewalls, and only a quarter plan to implement industrial network monitoring over the next year.

Hackers Can Guess Security PIN Using Your Smartphone's Sensor Data: Here's How

According to a recent study, many sensors that are standard components of smartphones can create a potential security vulnerability. Using information collected from six different sensors found in smartphones, researchers succeeded in unlocking Android smartphones with nearly 100 percent accuracy within only three tries. The research highlights a significant flaw in smartphone security, as using the sensors within the phones requires no permissions to be given by the phone user and the sensors are accessible by all apps. The researchers' classification algorithm gave different weightings of importance to each of the sensors, depending on how sensitive each was to different numbers being pressed, eliminating factors judged to be less relevant. Although individuals input the PIN on their phones differently, the research showed that as more data was fed to the algorithm over time, the accuracy of the PIN predictions improved.

Can IoT Help Make The Enterprise More Secure?

Enterprise Internet of Things (EIoT) may be an ideal solution to help companies mitigate internal security risks. EIoT provides companies the ability to mitigate security threats before they happen. The technology offers a low-friction way of monitoring and tracking who is in what system when. It can even send alerts if activity from unauthorized personnel or a settings change in a highly confidential system is detected. EIoT is also a much better approach than traditional passwords, which must be constantly updated and are easily leaked or stolen.

Industry Resource - Nov 2017


Is More IoT Driving More Cyber Attacks?

The Internet of Things (IoT) has virtually torn down the barrier between the Internet and devices. Consequently, an attack on one of these two will inevitably involve the other. With IoT technology, we can remotely control numerous connected devices. However, remote use of those devices also requires the users to be vigilant in terms of security. Utilizing weak passwords or unencrypted connections enables criminals to easily access and control the IoT devices by large-scale scanning.

Watch Out For This Password-Stealing Facebook Hack That's Hitting iOS And Android Users

Security experts have warned that a phishing campaign is spreading across Europe using Facebook Messenger. An F-Secure researcher reported that a redirection technique was being used by criminals to send users to a malicious phishing page, with the intent to steal the passwords of iOS and Android users. The malware sends links posing as YouTube videos, but hackers used URL shorteners to disguise the actual malware locations. Based on forensic analysis of the link data, the scheme has impacted 200,000 users in just a two-week period.

Google Says Hackers Steal Almost 250,000 Web Logins Each Week

Examining cybercriminal black markets and public forums, Google discovered millions of usernames and passwords stolen directly through hacking, and billions of usernames and passwords indirectly exposed through third-party data breaches. Google researchers, working over a period of 12 months, investigated the different methods hackers use to steal personal information and commandeer Google (GOOG) accounts. The researchers created an automated system to scan public websites and criminal forums for stolen credentials and investigated over 25,000 criminal hacking tools.

Mobile-App Errors Expose Data On 180 Million Phones: Security Firm

Cyber-security firm Appthority reported that a coding error in over 680 apps enabled hackers to intercept calls and text messages from millions of smartphones. The firm said that developers mistakenly coded credentials for accessing text messaging, calling and other services provided by Twilio Inc. By reviewing the code in the apps, hackers could access those credentials and then gain access to data sent over those services. Affected apps include the AT&T Navigator app and more than a dozen GPS navigation apps published by Telenav Inc. These apps have been installed nearly 200 million times on Android phones and an unknown number of times on Apple's iOS-based devices.

Android vs iOS vs Windows: Which Suffers Most Infections? Nokia Reveals All

Nokia's 2017 Threat Intelligence Report found that nearly 70 percent of all devices infected in the past year were running Android, with nearly 30 percent running Windows. Less than 5 percent were running iOS. The figures are based on data collected from Nokia's NetGuard software.

Microsoft Just Fixed a Security Flaw in Office That's 17 Years Old

Microsoft recently addressed a vulnerability in Office that has gone unpatched for a very long time. This particular flaw has been present in Office since 2000. The vulnerable component is the equation editor, which allows users to insert complex mathematical expressions into Office documents. According to security researchers, the equation editor flaw is as dangerous as they come. A well-executed attack could allow a hacker to launch malicious code on any vulnerable machine.

Massive Botnet Quietly Harvesting 2 Million Vulnerable IoT Devices, Report Says

Cybersecurity research teams have discovered a powerful IoT attack malware dubbed Reaper that is being disseminated through flaws in IoT software and hardware. To date the malware has infected 2 million IoT devices. Reaper is much more powerful than the Mirai botnet that brought down Twitter, Spotify, Netflix and other major websites last year. Unlike Mirai, which scans for open telnet ports and attempts access with a preset list of weak credentials, Reaper forcibly takes over unpatched devices and adds them to its command and control center.

Mobile Malware Incidents Hit 100% of Businesses

According to a recent Check Point report, worldwide 100% of those businesses with BYOD and corporate mobile device users have been exposed to mobile malware. The document reported an average of 54 attempts per company across a 12-month period. The study was based on data collected from Check Point SandBlast Mobile deployments at nearly 900 organizations. Michael Shaulov, head of Check Point's product management for mobile and cloud security, noted that "100% of businesses [being attacked] was not surprising because the statistics from a year or two ago started to show it was going this way. But the average of 54 [attacks] was surprising. I was expecting two, three, or four." The report also notes that nearly all security professionals anticipate actual mobile malware attacks to continue to increase. Over half doubt they can prevent them.

Intel Chip Flaws Leave Millions of Devices Exposed

Intel's remote administration feature, the Management Engine (ME), has been thought to be a tempting target for cyber-criminals. By compromising the Management Engine, an attacker could gain full control of a computer. Recently Intel has confirmed that those worst-case scenarios may be possible. The chipmaker released a security advisory that lists new vulnerabilities in ME, the Server Platform Services tool, and Intel's Trusted Execution Engine. The company also published a Detection Tool to help systems administrators check their systems to determine if they are exposed.

How ROI Analysis Supports a Smooth Cloud Migration

According to a recent Unisys report, most organizations conduct a formal ROI assessment before migrating to the cloud. The "2017 Unisys State of Cloud Transformation Survey" report indicates that taking this step is crucial for companies to attain the cost savings they expect from moving to the cloud. Many firms want to address issues related to disaster recovery and business continuity, capital costs and the need to respond to business requirements through an ROI analysis. Organizations that plan their cloud migration are often best positioned to realize operational, financial and competitive success from a cloud migration.

Why Federal CIOs Are Receiving 'Failing Grades' For Software Licensing

Federal CIOs came under fire on Capitol Hill when the House Oversight and Government Reform IT Subcommittee reviewed the most recent Federal Information Technology Acquisition Reform Act (FITARA) scorecard. Of the 24 agencies reporting, only three agencies saw grade improvements while 15 remained unchanged and six declined.
Software licensing was added to the scorecard, and 17 of the 24 graded agencies received a failing grade. The extensive number of failures indicates that agencies do not know what software is running on their networks.

Ransomware Attacks On Android, Linux And MacOs Systems Rise In 2017: SophosLabs

According to the SophosLabs 2018 Malware Forecast, ransomware ravaged Windows, and attacks on Android, Linux and MacOS systems increased in 2017. Two strains of ransomware (WannaCry and Cerber) were responsible for nearly 90% of all attacks. The SophosLabs report recaps ransomware and other cybersecurity trends based on data collected from Sophos customer computers worldwide. The findings were also used to predict what might happen in 2018.

The Average Company Suffers 5 IT Incidents A Month: Study

According to a recent report entitled "Damage Control - The Impact of Critical IT Incidents" conducted by analyst firm Quocirca, on average organizations suffer five critical IT incidents a month. Each incident costs the IT department, on average, in excess of $35,000 USD. The rest of the organization can suffer additional costs in excess of $100,000 per incident.
Bob Tarzey, an analyst at Quocirca, noted that "It's clear that organizations are finding it challenging to maintain end-to-end visibility with the growing volume of data being generated by their IT systems and infrastructure." He added that "Organizations need to be able to collect and analyze data across all their IT infrastructure more effectively to reduce the time spent in damage control mode and increase time spent on pro-active digital innovation."

Industry Resource - Oct 2017


5 IT Practices That Put Enterprises at Risk

Cybersecurity threats are increasing in size and complexity on a daily basis. However, too many IT organizations continue to make their enterprises vulnerable to attacks by overlooking a number of simple tasks that could make them more secure. While no single solution can keep organizations completely protected, there are some things to avoid that will allow IT teams to improve their security. These include: 1) stop using old printers, 2) paying attention to alerts, 3) stop sharing admin rights, 4) stop allowing the use of employee apps and 5) being prepared for device loss or theft.

Report: 61% of IT Leaders Rely Only On Employees To Enforce Strong Passwords

Too many enterprise IT groups depend on their users to monitor password protection. According to a new report from LastPass and Ovum, this lack of policy enforcement can put the company at risk. According to a survey of over 350 IT executives and nearly 600 corporate employees, over sixty percent of IT executives rely exclusively on employee education to enforce strong passwords. The survey found that approximately 75% of employees noted that they regularly have problems with password usage or management.

SAM Stops Inflated SaaS Subscription Costs

Too many IT groups believe that migrating to the cloud will simplify their software license management processes. However, SaaS licensing can become complicated and expensive. In the absence of an effective software asset management (SAM) solution, assigning licenses to named users creates the risk of inappropriate, unnecessary or unjustified software expenses. Moreover, SaaS subscription models can replicate these expenses with every renewal, whether the license is used or not. A SAM process enables the IT department to fully understand SaaS software licensing bundles and requirements, helping IT pros to identify, deactivate or reassign unused licenses.

Software Asset Management Market to See Incredible Growth During 2017-2025

The demand for software asset management (SAM) software is growing quickly because of companies' focus on enhanced risk management and cost control. SAM enables IT pros to track software license consumption and control the cost of installed software. A SAM solution provides benefits including management of software assets, immediate and long-term financial benefits, protection against unintentional overuse of licenses, software licensing compliance and enhanced security from the use of unauthorized software.
Click here to read more

Rules for Auditor Assessment of Cybersecurity Under Consideration

Auditors may be given the responsibility to assess a company's cybersecurity defenses and use of software audit tools. Glenn Tempro, associate director of the Public Company Accounting Oversight Board, noted at a recent conference that software audit tools can enable auditors to better identify risks. According to Tempro, the auditor should evaluate whether the information technology tool (software) is meeting the objective for which it is being used. Cybersecurity is also the auditor's concern, as cyber-attacks may affect the reliability of the information that auditors evaluate. Cyber-risks include unauthorized access to data resulting in unauthorized or malicious deletion or changes to information, such as reporting unauthorized or nonexistent transactions.
Click here to read more

How to protect your company from an unlicensed-software crackdown

Using unlicensed software is copyright infringement and can result in costly penalties under U.S. law. Damages in an audit settlement can be as much as $150,000 for each copyrighted product infringed, plus the cost of the audit. There are some key steps that a company can take to protect itself from becoming the subject of an audit, and to facilitate an audit once it is underway. Some of these measures include: 1) use a software asset management tool to conduct a software self-audit, 2) if an under-licensed condition is discovered, immediately purchase all license shortfalls, 3) implement and enforce a hardware and software use policy, 4) train all employees about software license use and 5) use an automated tool to track all license purchases and hardware dispositions.
Click here to read more

Software License Reuse, An Opportunity For Savings In Europe

In July of 2017 the European Court of Justice legalized software license reselling. The ruling has created a massive secondary market for software reuse in Europe, potentially creating significant savings opportunities for European companies. The eligibility rules for software reuse are simple: 1) the license must be perpetual, 2) it must be fully paid, 3) it must have been originally marketed in the EU with the vendor's consent, 4) the previous owner must render his copy unusable and 5) the new user must adhere to the terms of the original license. Using an IT asset management system, licensees can identify and re-license unused copies of software, and new users can achieve significant savings on needed software licenses.
Click here to read more

Which Devices Are Most Vulnerable To Cyberattack?

ReportLinker found that just over half of consumers still feel safe using the internet, and that just over 80% of survey respondents have increased concerns about cyberattacks. Nearly 60% of people consider their PCs to be their most vulnerable devices, while a quarter considered their smartphone the weakest link. Less than 10% thought that their smart devices were a security risk. However, it is those smart or Internet of Things devices that are at the top of the list for security experts. To protect smart devices from attack, users need to be able to recognize and inventory them, and then take measures to prevent them from being accessed by hackers.
Click here to read more

Cybersecurity Experts Warn of Impending Botnet Hurricane

Cybersecurity researchers at Check Point Software recently uncovered a massive botnet that has expanded to infect an estimated million organizations. The company believes the botnet could bring vast parts of the internet to a complete halt. Other independent cybersecurity researchers confirmed Check Point's discovery, saying the botnet could potentially dwarf the Mirai botnet that took down major websites, crippling a part of the internet's backbone and slowing traffic to a crawl.
Click here to read more

Data Breaches Rose By 164% in First Half Of 2017

According to a study by Gemalto, a European digital security firm, there were nearly 920 data breaches during the first half of 2017. Almost 2 billion data records were exposed as a result. A large percentage of the compromised records resulted from the 22 largest data breaches. Nearly three quarters of all breaches came from malicious outsiders. Malicious insider attacks comprised fewer than 10% of all breaches, with 20 million records being compromised as a result.
Click here to read more

How Your Business Can Get the Most Out of Software Asset Management Tools

According to Gartner, nearly 70 percent of enterprises receive at least one software audit request each year. A failed audit can result in penalties and licensing fees ranging from $100,000 to more than $1 million. Unfortunately, audit risks aren't likely to diminish anytime soon. IT trends including virtualization, bring-your-own-device (BYOD) programs and cloud services add new complexities to software asset management (SAM) plans and operations. Some auditors believe that "Where there's mystery, there's margin." Today's mix of virtual and physical environments, plus the shift to cloud computing, creates a lot of mystery.
However, SAM tools provide IT managers with the tools to help them avoid and respond to audits, as well as optimizing their software spending.
Click here to read more

Your Agency Needs to Comply with the MEGABYTE Act: Here's How

U.S. government agencies are still failing to manage their software license inventories more than a year after the MEGABYTE Act was passed into law. The act, which was signed into law in July 2016, requires agency CIOs to develop a comprehensive software licensing policy. Agency CIOs must also submit a report to the Office of Management and Budget on the financial savings or avoidance of spending that resulted from improved software license management. However, according to the latest Federal IT Acquisition Reform Act report card, 21 of 24 CFO Act agencies do not comply with the MEGABYTE Act. Agencies need to use software asset management (SAM), license optimization and other IT tools to better manage and inventory the vast number of software licenses currently installed on agency devices.
Click here to read more

Software Licensing: Unloved and Undervalued, but Critical to Digital Transformation

As organizations look to transform their operations to a digital workplace, software license management has never been more important. From the cloud, to mobile devices, to the Internet of Things, digitalization creates another layer of complexity for enterprise IT managers.
When looking at software licensing, this complexity is two-fold. Organizations need to develop and deliver services that meet the needs of employees and customers, most of which will involve some form of software. Further difficulty results from the need to comply with complicated governance and compliance requirements. Against this backdrop, too many organizations are often unsure about their licensing position. Implementing a robust software asset management program is one way IT pros can better manage all the software in their enterprise.
Click here to read more

U.S. Warns of 'Bad Rabbit' Ransomware That Hit Computers in Europe

Cybersecurity experts in the U.S. issued a warning about a new malware attack called Bad Rabbit. The malware originated in Russia and is spreading worldwide. The U.S. Computer Emergency Readiness Team, which is under the Department of Homeland Security, "received multiple reports" from many countries around the world about ransomware infections called Bad Rabbit. The malware infects computers by posing as an Adobe Flash installer on compromised media websites and then restricts user access until a ransom is paid to unlock it.
Click here to read more

Industry Resource - Sep 2017


Internet Providers Could Easily Snoop On Your Smart Home

A recent study published by a team at Princeton's computer science school found that internet providers can monitor a wide range of data from your smart home's IoT metadata. The researchers demonstrated that an ISP or other network observer (read that as "hacker") can gather sensitive activities by analyzing internet traffic from smart homes containing commercially available IoT devices, regardless of whether they are encrypted or not. If reading home IoT information is a reality today, deciphering corporate data cannot be far behind.
Click here to read more

3 Ways to Simplify and Speed Up Security Patches

Cyber-criminals uncover new OS and application vulnerabilities on an ongoing basis. Vendors scramble to address them as soon as they are identified and issue security patches to correct the vulnerability. However, the patches won't protect IT systems until they are applied.
Unfortunately, educational institutions apply less than 20 percent of security patches within 12 weeks following their release. That is markedly lower than the cross-industry average of 61 percent completion during that same time period. The open nature of higher education computing environments means that these unpatched systems are at greater risk of compromise than systems on closed corporate networks. Schools should focus on three core issues: centralized system management (including a regularly updated inventory of patched and unpatched systems), application patching and responsibility for BYOD systems.
Click here to read more

Router Flaws Put AT&T Customers at Hacking Risk

Several serious security vulnerabilities in routers used by AT&T U-verse customers allow them to be easily and remotely hacked. Five flaws were discovered in consumer Arris routers used around the world. Joseph Hutchins described some of them in a blog post as being a result of "pure carelessness." Among the vulnerabilities are hardcoded credentials. Attackers can connect to a router and log in with a publicly disclosed username and password. Afterwards they have full access to the modem's menu-driven shell, and are able to view and change the Wi-Fi router name and password and make changes to the network's setup.
Click here to read more

Researchers Just Discovered A Bug That Has Made Fortune 100 Companies Vulnerable To Simple Hacks Since 2008

Cyber-criminals can easily hack the websites of over 60% of Fortune 100 companies using nothing more than a web browser and an internet connection. According to a recent security report, hackers simply need to exploit a decade-old vulnerability. The vulnerability resides in Apache Struts, a popular open-source software package used as a programming framework for building web applications in Java. According to researchers at the security firm lgtm, "All versions of Struts since 2008 are affected; all web applications using the framework's popular REST plugin are vulnerable."
Click here to read more

Decade-Old Windows Kernel Bug Lets Hackers Bypass Security Protections

Researchers discovered a bug in the Windows kernel that enables hackers to perform malicious actions by manipulating security products that blindly depend on a Windows API. The vulnerability affects a low-level interface, labeled PsSetLoadImageNotifyRoutine, that reports when a module has been loaded into the Windows kernel. Using the bug, attackers can forge the name of a loaded module, which misleads third-party security products and enables malicious actions without warning. All versions of Windows are affected.
Click here to read more

The Time for IT Asset Management Is Now

A comprehensive IT asset management (ITAM) program reports the information required to effectively manage the life cycle of IT assets from acquisition to end of useful life. In addition, companies can use the information generated by an IT asset management program to reduce costs, improve operational efficiency, understand the full cost of existing investments and report accurate cost information. However, an ITAM program can be used to identify and manage risk as well.
Click here to read more

Open Source for Commercial Software Development: Handle With Care

Open source has transformed the manner in which enterprises acquire and deploy software to support their operations. However, users must review their use of open source software (OSS) and determine that they are in compliance with licensing terms. OSS is found in thousands of applications, and provides many advantages for commercial software development. That said, introducing third-party software into commercial or proprietary applications also introduces risks.
Click here to read more

Bashware Flaw Threatens 400M PCs Globally

Check Point recently discovered Bashware, a Windows 10 vulnerability that can enable any malware to bypass all security solutions. Bashware is a threat to any of the 400 million PCs running Windows 10 worldwide. The malware leverages the Windows Subsystem for Linux (WSL), which is a fully supported feature in Windows 10. WSL makes the bash terminal available to Windows OS users, allowing them to natively run Linux OS executables on the Windows 10 operating system. However, the security solutions currently in use are not adapted to monitor processes of Linux executables running on Windows OS, giving cybercriminals the ability to run their malware undetected and to hide from current security products.
Click here to read more

New Report Unveils Top 3 Cybersecurity Threats Facing Business Data

According to a recent study conducted by Infoblox and SANS, the three most significant cyber-threats faced by organizations are ransomware, insider threats, and denial of service. However, these threats were not experienced as stand-alone events. Over 75% of the firms surveyed had experienced multiple threats against their data. In addition, nearly 70% encountered the same threat type two or more times. Despite the proliferation of the threats, almost 60% of the companies in the survey still rely on manual processes to identify their sensitive assets, leaving their networks open to cyber-attacks. The authors of the study concluded that organizations need to develop plans and processes designed to quickly and efficiently identify and secure sensitive assets.
Click here to read more

Why Won't Enterprises Take IoT Security Seriously?

Cyber-theft and data breaches are becoming easier, and identifying the culprit has become next to impossible. With the proliferation of the Internet of Things (IoT), hackers can now attack millions of devices simultaneously. Yossi Atias, general manager of IoT security at BullGuard, noted that "IoT devices control physical aspects of our lives, which opens a wide range of possibilities to cause damage. The boundaries are artificial between consumer IoT, industrial IoT, and enterprise IoT; they're all connected to the same network, and we've seen combined attacks." In addition, harm caused by IoT devices is permanent. The information that is lost cannot be retrieved. IoT users need to identify and monitor the devices to ensure that vulnerabilities are identified and threats are prevented instead of being dealt with after the intrusion occurs.
Click here to read more

The Top 3 'Most Wanted' Malware with the Biggest Global Impact

According to a recent Check Point report, ransomware, malvertising, and rootkit attacks were among the most prevalent malware threats in August of this year. Maya Horowitz, a threat intelligence manager at Check Point, noted that the tools and processes available to cyber-criminals are becoming incredibly diverse. She stated that "Organizations need to be both vigilant and proactive in order to protect their networks. It's vital for organizations to be alert to these shifting threats, to simultaneously keep their defenses up against well-known malware families, new variants and new zero-day threats." One manner in which organizations can protect themselves is to employ an IT asset management solution to identify unpatched software applications and to monitor devices attached to the network.
Click here to read more

Top 6 Benefits of Asset Management Software

Asset management software helps businesses to reduce operational IT costs, better manage IT acquisitions and software licensing, enhance the performance of IT operations, improve IT asset utilization and manage the IT asset life cycle. Asset management software is a critical resource for any business organization, but especially for IT asset-intensive organizations. Some key benefits of IT asset management software include: 1) reducing costs while improving productivity, 2) managing work requests and setting priorities, 3) working more efficiently and productively, 4) reducing security risks, and 5) improving service.
Click here to read more

Is SAM for SaaS the Same as SAM for On-Premise?

In a SaaS environment, software asset management (SAM) is less focused on software license compliance audits, and more focused on consumption, spending and license management. SaaS software management is about managing licenses and subscriptions. Tracking licensing for infrastructure components and middleware, or hardware changes, becomes less important. Instead of being under-licensed, the real risk is having too many user licenses and/or inactive user licenses, which can cause licensing costs to balloon. SAM for SaaS differs from traditional SAM in that it focuses on monitoring license consumption and overall cost management.
Click here to read more

Quality over Quantity: The Art of Software Normalization

Creating an inventory of all the software installed across an enterprise often yields an extensive list of complex and confusing data points. Translating this raw data into meaningful information can be a complex, resource-intensive task. A fully featured software asset management (SAM) tool enables an organization to decipher this data to build a list of licensable software, identifying details such as publisher, product, version, edition, release date, and upgrade/downgrade rights. In addition, software titles are normalized, collecting all of the same software into a single data record, regardless of how the software is labeled in the system. Without the benefit of a SAM tool IT managers face a major challenge in determining exactly what software is running, and licensed, in their environment.
Click here to read more

Report: Negligent Employees Are No. 1 Cause of Cybersecurity Breaches At SMBs

According to a new study released by Keeper Security and the Ponemon Institute, careless employees are the primary cause of data breaches at small and medium-sized businesses (SMBs). Of the 1,000 IT professionals surveyed, over half said negligent workers were the base cause of cybersecurity incidents. The second most prevalent cause of data breaches was poor password policies. Darren Guccione, CEO and cofounder of Keeper Security, Inc., noted that "The number one greatest cyber threat to a business is their very own employees. Critical data is more accessible via mobile devices in our 24/7-connected, device-filled world." Lack of enforced password policies was also an issue: less than half of the IT professionals surveyed had a password policy in place. Nearly seventy percent either did not strictly enforce their policy, or were unsure if one existed.
Click here to read more

5 Tips for Enterprises to Ensure Their SMB Partners Don't Cause a Data Breach

Large enterprises should vet SMB business partners to avoid indirect cybersecurity problems. Data breaches at large corporations have shown that enterprises are only as secure as their partners. Some steps an enterprise can take to ensure their SMB partners don't pose a risk include insisting that they maintain defined access privileges to network resources, enforce password policies, use automated patch management software and an IT asset management solution, provide employee security training and maintain a comprehensive BYOD policy.
Click here to read more

7 Windows 10 Security Features That Could Help Prevent Cyberattacks against Your Business

As the breadth of cybersecurity threats expands, Windows 10 users can leverage several functions included in the OS to help protect their networks and data. There are seven Windows 10 features that IT pros can use to make their environments more secure: 1) Windows Defender SmartScreen, 2) Windows Defender Application Guard, 3) User Account Control, 4) Windows Defender Exploit Guard, 5) Microsoft BitLocker, 6) Windows Defender Device Guard and 7) Windows Defender Credential Guard. An IT asset management system can pinpoint the systems running Windows 10 and help IT management implement these safeguards.
Click here to read more

Why E-waste Should be at the Forefront of a Company's Cybersecurity Plan

As recently reported by Fortune (http://fortune.com/2017/09/06/electronic-waste-recycling-cybersecurity/), e-waste constitutes not only an environmental crisis, but a cyber-security problem as well. The cyber-security concern is rooted in the potential exposure of corporate or personal information extracted from devices that are not properly destroyed. Any electronic device with the ability to store data can hold valuable information. If the device is not properly disposed of, the information on it can be accessed by unauthorized individuals during the end-of-life process. Companies can use their IT asset management solution's end-of-life features to mitigate the risk associated with e-waste.
Click here to read more

Industry Resource - Aug 2017


Software Audits Continue to Rise: Understand the Software Vendor's Audit Playbook

Software publishers employ a variety of strategies and tactics to extract revenue from customers through the audit process, well beyond the initial license transaction. Company executives must understand these strategies, as they create the foundation that software vendors use to create future revenue and legitimize audit findings. As software vendor licensing organizations work to develop their overall business strategies, those strategies will be shaped and protected by software contract management and pricing policies designed to preserve the contractual right to generate future revenue opportunities.
Click here to read more

Tackling Audits through Automation

No organization wants to endure a software audit, regardless of whether the auditor is internal or from a third party. Any audit requires an investment of time and labor and can disrupt both an organization's reputation and its bottom line. Today, using software asset management (SAM) software, organizations can mitigate their audit risk, ensure ongoing compliance and meet audit requirements. A number of SAM tools are available to help enterprises reduce error rates, increase efficiency and help IT organizations become more transparent. The adoption of automation isn't a question of if organizations should automate; it's more a question of how and when.
Click here to read more

Critical Software Licensing Pitfalls to Avoid When Moving To the Cloud

Having overcome a number of obstacles, corporate IT managers are now running production workloads in the public cloud. In some cases, moving applications from the on-premise data center to the public cloud is now a routine process. Security professionals have come to realize that cloud providers are better at security than most organizations. Furthermore, while most IT groups understand how to achieve high application performance levels in a multi-tenant infrastructure, software licensing can be a blind spot. Licensing confusion isn't a new challenge; it has persisted as computing infrastructures have evolved. Vendors from Microsoft to Oracle have adjusted their licensing programs over the years and will continue to do so as cloud computing evolves.
Click here to read more

With Hundreds Of Choices, How Can You Pick An IoT Platform?

IoT Analytics, a German research company, recently published its Global IoT Platform Companies List. The database includes 450 IoT Platform companies, which constitutes a 25% increase compared to the previous edition. Of the industries analyzed, the majority of the vendors focus on supporting IoT Solutions in Industrial/Manufacturing, Smart Cities and Smart Home verticals. For any prospective IT group examining the platform landscape, differentiating between the current 450 plus platforms on the market can be problematic. IoT Network recently launched, in conjunction with IoT research firm Beecham Research, IoT Pilot. IoT Pilot is a free, completely independent, analyst-driven tool designed to help enterprises navigate and evaluate the IoT platform landscape.
Click here to read more

Apple Warns Cyber Threat Could Wipe Out iPhone, Issues Fix

FOX Business Network reported that Apple identified a potential hack that could come remotely via Wi-Fi and has issued a critical security patch for all iOS devices and for Mac computers. Apple considers the virus to be a potentially serious threat and is urging users to install the updates to protect their devices. The same virus is also a threat to Android device users, and Google has taken action to block the virus.
Click here to read more

Five Ways to Detect a Malicious 'Phishing' Email

In the early days of the internet, phishing emails were very easy to identify. However, cybercriminals have become far more sophisticated. They can match the branding, color schemes and logos associated with the companies they are trying to impersonate. Even though phishing emails are harder to identify today, there are some important steps companies can take to avoid becoming victims. Common phishing email traits include: 1) The message asks for personal information; 2) The offer seems too good to be real; 3) The salutation looks odd; 4) The email has mismatched URLs; and 5) The email gives you a suspicious feeling.
Click here to read more

Study: Shipments of Asset Tracking Devices Could Triple By 2022

According to a market analysis entitled "Asset Tracking IoT Devices 2017," issued by Mobile Experts LLC, annual shipments of asset-tracking IoT devices are forecast to grow from over $20 million to $70 million by 2022. The growth is being driven by technology changes including improved long-range communications, extended battery life, and lower prices for tracking modules. Additional technology upgrades have also improved precision and range for indoor locations. The report evaluates different technologies used for tracking devices. It notes that various wireless standards have benefits for use in certain market segments, including transportation and logistics, industrial, retail, consumer, agriculture, and healthcare.
Click here to read more

Android App Stores Flooded With 1,000 Spyware Apps

Hackers have filled Android app stores, including the official Google Play store, with over 1,000 spyware apps. Once installed, any of these apps can monitor almost every action on an infected device. Called SonicSpy, the malware silently records calls and audio, takes photos, makes calls, sends text messages to devices specified by the attackers, and monitors call logs. SonicSpy can perform over 70 different commands. Offered as a messaging application, the malware performs the advertised messaging function to avoid arousing the suspicions of the person who downloaded it. Meanwhile it steals data and transfers it to a command and control server. SonicSpy was discovered by researchers at Lookout after they found three versions of it live in the official Google Play app store.
Click here to read more

A Replacement Screen Could Offer Hackers a Key to Your Smartphone

According to a new study by a group of researchers from Israel's Ben Gurion University, titled "Shattered Trust: When Replacement Smartphone Components Attack," replacement parts could contain chips which can be used to hack a user's smartphone and extract important information. Replacement displays, NFC readers, wireless charging components and other such smartphone parts, often sourced from third-party manufacturers, can be used to hack into a device. The third-party source code can be easily integrated into the vendor's source code. Consequently, the smartphone part will show a regular screen to the user while stealing information in the background. Since the part will be fully integrated into the device, it will also override the smartphone security protocols.
Click here to read more

Is Your Printer Your Weak Security Link?

As printers evolved into connected, Wi-Fi enabled multifunction devices, the possible attack vector inside organizations expanded dramatically. Printers may be the most vulnerable devices in the network but get less security attention or protection than any other piece of equipment accessing the network. According to Jason Rader, national practice director of security services at Datalink, an Insight company, "Given their storage capabilities, printers also contain enormous (and often sensitive) data, which includes every document that's been printed or sent via that printer." Furthermore, as printers are connected to the corporate email system, a hacker can gain access to the information and email it to a selected mailbox.
Click here to read more

New Faketoken Android Malware Records Calls, Intercepts Texts, and Steals Credit Card Info

A year-old Android malware app has evolved from a low-level nuisance to a serious security threat. Labeled Faketoken, the malware records calls, intercepts and redirects text messages, and puts screen overlays on apps to create fake payment information windows. Kaspersky believes that Faketoken spreads through bulk SMS messages that prompt users to download images. Once installed, the malware hides its existence, installs itself, and begins to monitor the apps that are being used and received messages, and records each phone call. It then sends all the information to its command and control server.
Click here to read more

Global Wearables Market To Grow 17% In 2017, 310M Devices Sold, $30.5BN Revenue: Gartner

Gartner expects the sales of wearables, from smartwatches to body-worn cameras and even head-mounted displays, to grow over 16% this year. The analyst firm projects sales of over 310 million wearable devices worldwide in 2017, resulting in excess of $30 billion in revenue. Of that amount, the smartwatch category is expected to account for over $9 billion in sales. The Apple Watch currently leads the smartwatch marketplace, with sales eclipsing those of Samsung's Gear smartwatch. The expanding use of wearables may further complicate the BYOD practices in many companies.
Click here to read more

3 Ways SDN Solves Industrial IOT's Undiscovered Security Problems

Companies need to stop worrying about potential industrial network attacks and start considering what it will take to protect against them. One approach is to look at software-defined networking (SDN) as a technological approach with potential uses beyond its intended application in the telecom business. Repurposing this technological framework may be the solution needed by the enterprise to solve three of its biggest security problems.
Click here to read more

Disturbing Trends Revealed By the Microsoft Security Intelligence Report

Microsoft recently published Volume 22 of the Microsoft Security Intelligence Report. It describes a number of disturbing trends that every organization should take very seriously. Microsoft's report indicates that attacks specifically targeting cloud services are growing quickly. The report specifically notes that stolen or compromised account sign-in credentials are the security vulnerability most often exploited by cyber-criminals. As has been reported in the past, people and passwords remain the weak link when it comes to enterprise security.
Click here to read more

Most Employees Willing To Share Sensitive Information, Survey Says

According to an end user security survey released this morning, over 7 out of ten employees are willing to share confidential corporate information. The ratio climbs to 8 out of ten in the financial services sector. These numbers are in stark contrast to the fact that 65% of the surveyed population said that it was their responsibility to protect confidential data. Brett Hansen, vice president for endpoint and data security at Dell, noted that "There is an acknowledgment by employees that security is important. But their actions are not consistent with good data security."
Click here to read more

Five New Threats to Your Mobile Device Security

In the first quarter of 2017 McAfee Labs detected and identified over 1.5 million new incidents of mobile malware. That discovery adds to other known threats for a total of more than 16 million mobile malware incidents. It is clear that mobile devices are coming increasingly under attack, and no platform is immune. Of the companies surveyed, twenty percent said their mobile devices were breached. Twenty-five percent of respondents didn't even know if they were attacked. Nearly all of the companies surveyed expect the frequency of mobile attacks to increase, and nearly eighty percent agreed that it's becoming more difficult to secure mobile devices.
Click here to read more