The Cybersecurity and Infrastructure Security Agency (CISAQ) urged administrators and users to review Microsoft s guidance on a workaround to the Follina vulnerability. The malware affects the Microsoft Support Diagnostic Tool in Windows. Follina enables a remote, unauthenticated user to take control of a system by exploiting downloaded Microsoft Office documents. It impacts all versions of Office 365 files when using an .RTF file. At this writing a patch has not been issued. In the interim, IT professionals should investigate rogue child processes created under Microsoft Office products, including msdt.exe and sdiagnhost.exe. Microsoft also suggested disabling MSDT URL protocol as a workaround. This action will prevent troubleshooters from launching as links. In addition, users with Microsoft Defender Antivirus should turn on cloud-delivered protection and automatic-sample submission. IT managers can also identify vulnerable systems using their IT asset management tools.

Self-acquired tools create a potential for more shadow IT and less visibility into operations. As employees go back to working into central hubs, it becomes harder for IT teams to maintain diverse systems while trying to manage a greater number of tools and applications. Before the pandemic, IT department toolkits included collaboration software, productivity tools and other enterprise applications. Now they must also manage a new suite of employee acquired software tools. Using an IT asset management system, IT managers can create a complete inventory of each software that is on the network.

Today companies are spending too much on cloud. according to Flexera s 2022 State of the Cloud report over 80% of companies surveyed regard spend management as a top cloud-related challenge. Brian Adler, senior director of cloud market strategy at Flexera, noted that The cloud makes it ridiculously easy to spend money. This problem is a cloud version of shadow IT. If firms don t have a handle on what they are using, and what they are paying for, they will inevitably spend on cloud services they don t need. Adler also observed that It s Day One for everybody in the cloud at some point, he said. Without visibility into cloud services spending can grow to a point where t on-premises seems like the cost-effective action. An IT asset management solution that can track and report cloud services and usage can be an invaluable tool in controlling cloud-related costs.

Microsoft recently announced that it will no longer support Internet Explorer. the once-dominant browser that legions of web surfers loved to hate and a few still claim to adore. IE s demise was announced in 2021 when Microsoft said that it was putting an end to Internet Explorer on June 15, 2022. Users were pushed to its Edge browser, which was released in 2015. Users often complained that IE was slow, prone to crashing and vulnerable to hacks. To mitigate the security dangers presented by unsupported software, IT managers can identify systems running IE by using their IT asset management solutions to perform a software inventory. Systems running IE can then be selectively upgraded.

With its June 2022 Patch Tuesday updates, Microsoft has fixed approximately 50 vulnerabilities. Among them is the actively exploited flaw known as Follina and CVE-2022-30190. The Follina vulnerability has been exploited for remote code execution using specially crafted documents. Although Microsoft has been known the cause of the vulnerability for several years, the company seems to have ignored the issue until a researcher discovered and published that is was being actively exploited. The first attacks leveraging Follina were launched in April of this year, and exploitation attempts have increased in recent months. While a patch has now been released, Microsoft did make available workarounds and mitigations shortly after the disclosure. IT managers can identify vulnerable systems using their IT asset management toolkit.

Adobe recently shipped patches to deal with 18 serious security defects in multiple enterprise-facing products. The company warned users hat unpatched systems are vulnerable to remote code execution attacks. Critical vulnerabilities were discovered and faddressedin the FrameMaker document processor, the InCopy and InDesign suites, the Character Animator motion capture tool and the Adobe ColdFusion platform. According to Adobe, 10 of the 18 vulnerabilities were addressed in Adobe FrameMaker. the document processor used by large organizations to write and edit large or complex documents. Adobe warned users that "This update addresses an important and multiple?critical vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak." The company said it was not aware of any in-the-wild exploits. IT managers can identify unpatched systems using their IT asset management solutions.

Alex Holden, CISO with Hold Security added that. "It all has to be taken into account, so when something new comes up, you'll know if it's something you have to fix." A comprehensive IT asset management solution can automate the creation and maintenance of a current, accurate and comprehensive inventory.

Apple patched CVE-2022-22675 with the release of macOS Big Sur 11.6.6, watchOS 8.6, and tvOS 15.5, and CVE-2022-22674 with Security Update 2022-004 for Catalina. Other vulnerabilities were also resolved with the latest Big Sur and Catalina updates. The company also released software updates for macOS Monterey, iOS, and iPadOS. Security updates were also released for Xcode and Safari. IT Professionals can utilize their IT asset ,management tools to identify vulnerable ot unpatched systems.

According to Foundry s 2022 Cloud Computing Survey controlling costs is the top challenge for over 35 percent of cloud adopters, The survey found that companies plan to devote over 30 percent of IT budget toward cloud in the next 12 months. However, decentralized IT and multicloud strategies create cost challenges. Too often firms using decentralized IT and multicloud strategies struggle to determine how specific departments or developers utilize the cloud resources. A cloud oversight and governance structure is important a multicloud environment, as companie must be aware of the resources available to optimize costs. An IT asset management software application designed to discover and report on cloud assets can be a useful tool to control cloud costs and utilization.

In the time since the initial response to the pandemic, hardware purchasing trends at the enterprise level have changes. Companies needed to ensure that they did not neglect their hardware needs. Today many are moving purchasing away from fixed assets such as desktop PCs in favor of more mobile gadgets. adjusting their provider strategy to match their needs. Analysts expect that the changes will become permanent. In some cases, companies provided employees with stipends to purchase the equipment they needed for remote work they need on their own. This approach took the burden of buying, and shipping everything to their newly minted work-from-home workforce away from the IT department. An IT asset management tool that can discover and inventory a wide range of assets in a distributed environment can help the IT department into manage and support remote equipment and software.

Many organizations do not maintain a comprehensive and current inventory of products, capabilities and services obtained from third-party IT providers. With the prevalence of cloud services, open-source software and multitiered service providers, organizations can easily lose track of what equipment, software and services have been acquired from various vendors. It is critical for an organization to be able toto identify the applications, services, solutions, infrastructure and data they rely on for day-to-day operations. A configuration management database (CMDB) is often the ideal repository for the storage of technical details of all third-party IT products and capabilities operating within the organization. IT personnel can then use the CMDB to identify if and where an organization is vulnerable to an exposure if third-party vulnerabilities are made evident. The CMDB should also include dependency data on the business processes with which the products and services interact. This information will enable the organization to make any risk-based decisions regarding protective and remedial actions needed to mitigate the risk posed by identified vulnerabilities.

The National Institute of Standards and Technology s (NIST) National Cybersecurity Center of Excellence (NCCoE) recently issued its final guidance regarding enterprise software patch management. The guidance is intended to assist organizations to prevent vulnerabilities and exploitation within their IT systems. The two publications (SP-800-40 - a guide to enterprise patch management planning and SP 1800-31 - cases and approaches for improving enterprise patching practices) focused on the need to prioritize patching and preventive maintenance as a means to prevent data breaches and disruptions within the IT infrastructure. The documents make it clear that unpatched devices and systems are easy network entry points for cybercriminals. Patching may become problematic as organizations may not know how many devices are on their networks at any given time. A fully functional IT asset management solution can provide detailed information on all installed devices, software and their patch status.

The US Cybersecurity and Infrastructure Security Agency (CISA) reported that a newly patched Windows Print Spooler vulnerability has been exploited in attacks. The vulnerability, which is tracked as CVE-2022-22718, was addressed by Microsoft with its February 2022 Patch Tuesday update. However, according to Microsoft, CVE-2022-22718 can be exploited by a local attacker to escalate privileges without t any user interaction. CISA noted that the vulnerability to its Known Exploited Vulnerabilities Catalog, which includes almost 650 exploited flaws. CISA advises all organizations to prioritize the patching of the vulnerabilities included in this catalog. Many IT professionals consider CISA s catalog to be a Must Patch list. An IT asset management solution can provide IT management with detailed information on the patch status of each device in the network.

According to tracking data from Zero Day Initiative (ZDI), Microsoft patched 128 new Windows vulnerabilities in April of this year. The April patches cover serious vulnerabilities in Microsoft Defender, Microsoft Dynamics, Exchange Server, Microsoft Office, SharePoint Server, Windows Hyper-V, DNS Server, Windows App Store, and Windows Print Spooler Components. ZDI researchers are urging Windows administrators to prioritize the zero-day update along with a handful of critical bugs that could result in worm attacks. These include CVE-2022-26809 (CVSS 9.8), a vulnerability that can enable an attacker to execute code at high privileges on an affected system. An IT asset management solution can provide IT management with detailed information on unpatched or vulnerable systems.

According to Gartner, with the growth of Software-as-a service (SaaS), shadow IT in the traditional sense, is on the decline. This trend has because IT has either sanctioned a group of useful SaaS tools that it does not provide directly, or business units are requesting IT's clearance to use a new service. Lane Severson, senior research director at Gartner, noted that "It's clear that we are moving away from shadow IT in the classic sense and moving into the era of business-led IT where workers are making decisions about what apps they want to use to get their job done. But they are working with IT to make sure those apps are sanctioned. They aren't just buying random cloud applications and expensing them as much as they were pre-COVID[-19]." Rob Zahn, CIO at AAA of Ohio concurred, stating that The idea of business-led IT has some validity to it. During the pandemic, everyone was asking for IT's help. Because of that, the incidents of people using unsanctioned apps actually went down in his organization

Business unit technology acquisition frees CIOs from technology minutiae, creating more time to focus on strategy. However, compliance gaps and security and vulnerability concerns persist. Sheila Jordan, chief digital technology officer at Honeywell, noted that every SaaS software application the business unit acquires can have implications for the business if no one oversees the data flow. One approach is to place guardrails around the use of technology, prioritizing the key priorities credo while protecting the company's assets. Successful shadow IT deployments operate in an environment with centralized governance. Business unit technology acquisitions are inevitable, but technology leaders can use governance to reduce risk. On effective governance tool is a fully functional IT asset management tool, which can identify unauthorized ort on-standard software acquisitions.

Targeting old, identified vulnerabilities is a common practice used by attackers. Known vulnerabilities can be exploited for years if they are not patched, Forrester analyst Allie Mellen noted that, A classic example of this is the exploit EternalBlue. Despite patches being released for the vulnerability in March of 2017, the exploit was used in May of 2017 by the WannaCry ransomware, then again in June of 2017 in the NotPetya cyberattack. This is why patching systems quickly and effectively is so important. Ryan Linder, risk and vulnerability engineer at Censys said that the exploit affects the Server Message Block (SMB) protocol. Today there remain over 200,000 systems exposed to the internet which support SMBv1 (created in 1983). Too many companies fail to keep their software up to date, leaving them vulnerable to critical exploits. and even when exploits are disclosed publicly, many still fail to patch their systems. An IT asset management solution is an effective tool to identify unpatched and vulnerable systems.

The US Cybersecurity and Infrastructure Security Agency (CISA) recently added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Since November 2021 over 500 security flaws have been added to the Must-Patch list. The recently added flaws are older issues, some of which have been patched for more than half a decade. One new addition affects SonicWall SonicOS and 14 are Microsoft Windows vulnerabilities. CISA is requesting that federal agencies to address the newly flagged security defects by April 5. CISA created the Known Exploited Vulnerabilities Catalog to assist federal agencies manage their vulnerabilities. All organizations are advised to review the list and address the identified flaws as soon as possible. A fully features IT asset management tool could help government agencies to identify unpatched or vulnerable systems.

Apple also released software updates to address security vulnerabilities in macOS (Catalina, Big Sur, Monterey), tvOS, WatchOS, iTunes and Xcode. At least five of the iOS/iPad vulnerabilities could lead to remote code execution attacks. An iPhone user would need to open a malicious PDF file or view malicious web content to enable the attack. According to Apple, the newest iOS 15.4 and iPadOS 15.4 address multiple memory safety issues in several OS components. IT p[professionals can utilize their IT asset management tools to identify unpatched systems.

Adobe recently shipped urgent security updates to fix code execution vulnerabilities in its Illustrator and After Effects products. The patches address several arbitrary code execution and memory leak vulnerabilities that could expose data to hacker attacks. Adobe rated the Illustrator flaw as critical with a CVSS base score of 7.8. The company described the bug as a buffer overflow affecting Illustrator 2022 version 26.0.3on both Windows and macOS machines. Adobe is strongly urging users to upgrade to Illustrator 2022 version 26.1.0. An IT asset management solution can assist IT professionals in identifying vulnerable and unpatched systems.

A robust IT asset management solution can assist in identifying vulnerabilities within the network.

Western Digital's recently issued an advisory that its EdgeRover desktop app for Windows and Mac is vulnerable to local privilege escalation and sandboxing escape bugs. That vulnerability could allow access to and disclosure of sensitive information. EdgeRover is a centralized content management solution for Western Digital and SanDisk products. It us used to unify multiple digital storage devices under a single management interface. Considering the wide use opf of Western Digital s products, it is likely that there are likely a significant number of systems using EdgeRover. The vulnerability, tracked as CVE-2022-22998, and has has been given a CVSS v3 severity rating of 9.1; making it a critical flaw. Western Digital is advising its customers to update their EdgeRover desktop applications to version 1.5.1-594 or later. These versions were recently released last week to resolve the vulnerabilities. IT managers can use their IT asset management tools to identify vulnerable systems.

To companies that haven t prioritized cybersecurity, one wonders whether frequent alerts from the government may go unnoticed. But what if the overall level of cyberaggression does spike so such that businesses must address the issue pay? When the intrusion alarms go off, advice about running cybersecurity drills, installing new security tools and encrypting data will be no help. A panel experts made a list of cybersecurity preventative actions a business could reasonably complete in about five business days. Matt Gyde, chairman and CEO of Foresite noted that Patching is the single most important security process an organization can do to drastically improve their security posture. Threat actors are lazy, so they go for the easiest approach. If a threat actor knows that your front door is unlocked [you have a clear vulnerability]. Gyde continued to say that Besides aggressively patching all systems in the environment, the best thing to do is to have robust monitoring of the environment. You cannot defend what you cannot see, and every organization has black holes of rogue IT within them. Every asset must be monitored. A robust IT asset management solution can easily identify unpatched systems and inventory every device and software application on the network

IT asset management (ITAM) has been a challenge CIOs and CFOs for some time. With the technology available today, tracking IT assets should not be difficult. Device discovery, network monitoring and cybersecurity tools can report when a device connects or disconnects from a network. Software asset management can report the total number of licenses in use and the number if licenses that are paid for. Automated asset discovery tools can scan for equipment not owner by IT. All of these processes are made that much easier since every purchase should go through procurement or the accounting department. And, if a CIO lacks the in-house resources, most of these services can be obtained through a managed service provider. ITAM can become a valuable tool in managing the IT infrastructure and controlling overall IT costs.

Multicloud computing environments are becoming the standard enterprise computing strategy. Over thirty percent of IT managers operate in a multicloud framework. That number is expected to exceed 60% within three years according to a Nutanix-sponsored Vanson Bourne survey. Multi-cloud deployment is even more widespread in large enterprises. Over fifty percent of large organizations use multicloud, and that is expected to grow to 80% within three years. The critical challenge facing companies is navigating a tech stack where interoperability is very difficult to achieve. Clouds remain segmented and businesses have few tools or strategies to effectively navigate the complexity. Firms can, however, adopt an IT asset management solution that can help manage various cloud solutions and identify potential waste and overlap in a multi-cloud environment.

IT remains involved in the process for sign-off on cybersecurity, data privacy or regulatory issues. However, rogue IT is still a major issue. IT leaders can utilize their IT asset management software to identify independently acquired software that could be injurious to the network or cause compatibility problems.

IT departments were unprepared to support thousands of remote employees after Covid-19 forced workers out of the office. However, with nearly everyone working from home (WFH) the tools employees relied on were not as effective when accessed from outside the corporate network. Consequently, WFH employees sourced the needed software themselves. However, according to Gartner, shadow IT, in the traditional sense, is on the decline. In many cases IT has either sanctioned a wide array of useful SaaS tools for individual or departmental use, or the business units are asking IT's permission to use a new service. Lane Severson, senior research director at Gartner noted that "It's clear that we are moving away from shadow IT in the classic sense and moving into the era of business-led IT where workers are making decisions about what apps they want to use to get their job done. But they are working with IT to make sure those apps are sanctioned. They aren't just buying random cloud applications and expensing them as much as they were pre-COVID-19." IT asset management tools are an effective way for IT to monitor exactly what is running on the network, both for on-premises and remote workers.

The US Cybersecurity and Infrastructure Security Agency (CISA) has included 15 additional vulnerabilities to its catalog of flaws that are actively exploited by hackers in the wild. Some date back to 2014. However, but two are in Windows components from the past two years. The agency noted in its advisory that "These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise." The CISA Known Exploited Vulnerabilities Catalog is updated regularly based on real world attacks. Each vulnerability receives a deadline by which federal agencies must patch it on their systems. CIOs can use the IT asset management solution to identify systems that continue to have unpatched vulnerabilities identified by CISA.

A recent report by Ivanti ,working with Cyware and Cyber Security Works, determined that cyber-criminals continually leverage unpatched vulnerabilities as their main ransomware attack vector,. Researchers discovered 65 new vulnerabilities associated with ransomware in 2021. This number was nearly a 30% growth compared to 2020. More than a third of those new vulnerabilities were being actively searched for on the internet. This fact further empasizes the need to prioritize patching. The report noted that Unpatched vulnerabilities are the main attack vectors that ransomware groups exploit to gain entry into vulnerable networks. However, our research also identified ransomware groups expanding their focus to not just single unpatched instances but to combinations of vulnerabilities, vulnerable third-party applications, technology protocols, and even insider recruiting as a means to take that first step in launching an attack. IT asset management solutions are a first line of defense in identifying vulnerable systems and software.

Microsoft also issued a patch an Office for Mac security vulnerability that enables exploitation via the Preview Pane to expose sensitive user data. IT managers can identify unpatched systems using their It asset management tools.

FCVM overlaps with other capabilities such as digital risk protection services (DRPS) and IT asset management (ITAM). FCVM includes software and processes, including cloud agents, active scanner capability and network analysis that are designed to automatically discover all infrastructure assets without the need for human intervention. On-premises assets, remote assets, cloud and mobile assets should be discoverable. FCM also includes virtual scanning technology to actively locate assets and vulnerabilities anywhere in the network environment. The system should also provide a cyber risk score to inform IT teams about the overall vulnerability of the network and prioritizes. An FCVM solution should also initiate a remediation processes and provide automatic follow-up enabling IT and security teams to know which critical vulnerability will be patched.

According to a recent U.S. Bureau of Labor Statistics (BLS) report, since the start of the pandemic more than 30% of private-sector employers increased telework for some or all employees. The study included data from over 80,000 private-sector employers between July of2 021, and September of 2021. In addition, 25% of private-sector employers offered flexible or work hours. Over the past 2 years, many reports indicated that remote and hybrid work would be become a more permanent model for many employees. The BLS confirms that observation. The BLS survey showed that employers that increased telework, 60% and they expect it to be a permanent change. The move to remote work further underscores the need for IT asset management tools that can identify devices and software in corporate and distributed networks.

Software-as-a-Service (SaaS) impacts how companies operate, from back-office operations to automated manufacturing processes. according to a report from Spiceworks Ziff Davis in 2022 productivity tools taking up the largest share of the overall software budgets. Prioritizing productivity is a broader trend in IT this year. The top goal for 2022 is improving day-to-day operations, and to use the best technologies and strategies are used to accomplish the goal. As a result, SaaS buying will continue to decentralize in 2022, redefining which groups are doing the buying and how the tools are acquired. This article outlines five trends that will shape enterprise SaaS use in 2022:

According to Flexera's State of ITAM 2022 report, almost thirty percent of SaaS software spend is underutilized or wasted. The survey included 465 global IT professionals at companies with 1,000 or more employees. Companies also have difficulty managing desktop software. The report noted that employees estimated that over thirty percent of the company s spend in this category is either underutilized or wasted. Only one-third of surveyed IT asset management teams said that they currently SaaS usage, and almost half of respondents plan to start tracking SaaS usage. Most respondents noted that their main priority is responding to audits. Clearly, an IT asset management solution that can help manage cloud services, especially SaaS, will yield real benefits to the IT organization.

Security researchers are warning the impacts of the Log4j vulnerability will continue to leave organizations open to potential threats during the first months of 2022. Microsoft said in an updated blogpost that "Exploitation attempts and scanning remained high during the last weeks of December." Attackers have added additional exploits to existing malware kits and tactics, ranging from coin miners to hands-on-keyboard attacks. The Apache Software Foundation recently released version 2.17.1 of Log4j. It is the latest in a series of updates since the vulnerability was disclosed in December. The newly released fix addresses the risk of remote code execution when an attacker with certain permissions can create a malicious configuration using a JDBC Appender. The Log4j attacks underscore the need to patch on an ongoing basis and to use an It asset management solution to identify vulnerable systems,

Tracked as CVE-2021-22045, the vulnerability exists in the CD-ROM device emulation function of Workstation, Fusion and ESXi. Disabling or disconnecting the CD-ROM/DVD devices on all running virtual machines should prevent any potential exploitation. CVE-2021-22045 affects ESXi 6.5, 6.7, and 7 versions, Workstation 16.x, and Fusion 12.x. VMware Cloud Foundation (ESXi) 4.x and 3.x are affected as well. IT managers can use their IT asset management tools to identify vulnerable and/or unpatched systems.

Every industry, regardless of its size, is working to realize the benefits of the cloud. However, it is crucial to align the cloud strategy with the business goals and desired outcomes. From a security standpoint, it s also important to be aware of the regulatory and compliance requirements and how they can be achieved using cloud platforms. It is naive to believe that the cloud provider is entirely responsible for its customers security. Too many enterprises are failing to address how their employees use external applications, leaving them free to share huge amounts of proprietary information. A cloud providers Software as a Service (SaaS) model does not mean IT does not need a holistic program that covers people, processes, and technology. A fully functional IT asset management solution that helps manage cloud applications and vendors provides a good platform to fgain control over cloud assets.

In order to secure their technology against cyber-criminals, firms must know what is inside their software. This was highlighted in 2021to secure it against hackers and prevent the type of upheaval seen at the end of 2021 when widely used Log4j software was found to have a serious security flaw. The lack of visibility into the components of corporate software has given rise to an old idea; developers must provide a complete inventory of what software components are built into their software packages That would include open-source components used by programmers during development. Many open-source projects are maintained by only a handful of developers generally aren t vetted by security teams. This combination opens a software system to attack. The U.S. Cybersecurity and Infrastructure Security Agency has promoted such a listing known as a software bill of materials (SBOM) as a means to better respond to new vulnerabilities.

One vulnerability, labeled CVE-2022-21907, is a remote code execution (RCE) flaw in the HTTP Protocol Stack. This vulnerability can be enabled in Windows server 2022, 20H2 core, along with Windows 10 and Windows 11 versions. The vulnerability is wormable, as it does not require human interaction to spread its attack surface. Microsoft recommends that organizations prioritize patching this vulnerability immediately. IT managers can utilize their IT asset management software to identify unpatched or vulnerable servers.

Apple recently released an urgent iOS update with fixes for 11 documented security flaws. The company noted that one of the vulnerabilities may have been actively exploited. The CVE-2022-22587 flaw is a memory corruption issue that enables a malicious application to execute arbitrary code with kernel privileges. In addition, the iOS 15.3 patch repairs code execution flaws in ColorSync, kernel, and the WebKit rendering engine. IT managers can identify unpatched systems using their IT asset management tools.