Industry News - May 2020
Lockbit, The New Ransomware For Hire: A Sad And Cautionary Tale
Ransomware is one of the top threats facing large organizations. An infection by a fairly new strain called LockBit recently ransacked one company s poorly secured network in a matter of hours, leaving management with no viable choice but to pay the ransom. Attackers started out by researching potential targets with valuable data and the means to make big payouts. The attackers used a list of words attempting to gain access to one of the accounts. Eventually, they found an administrative account that had access to the entire network. The weak account password, combined with the lack of multifactor authentication protection, gave the attackers all the system rights they needed. Unlike other ransomware software that rely on live human hackers whospend large amounts of time surveying and surveilling a target s network and then unleash the code that will encrypt it. LockBit it is completely self-spreading. The attacker needs to be inside the network for a few hours.
Click here to read more
Office 365 May Be Popular Target for Bad Actors, But Difficult to Hit
Baker & Hostetler s 2020 Data Security Incident Response Report indicates that taking over Microsoft Office 365 accounts is a high priority for cyber-criminals who have breached an organization s cybersecurity. It also shows that ransomware is thriving with the help of stolen contact lists pilfered from under-protected accounts.
The report utilized information obtained from 950 cyber incidents that Baker & Hostetler consulted on in 2019. In over 30% of the cases examined, cyber-criminals initiated an Office 365 account takeover after the initial breach. Deployment of ransomware was the next most common step followed by the installation of malware.
Click here to read more
Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking
Security researchers known that Intel's Thunderbolt interface as a potential security issue. It offers faster speeds of data transfer to external devices and direct access to a computer's memory ports, which can lead to security vulnerabilities. A collection of flaws in Thunderbolt known as Thunderclap indicates that plugging a malicious device into a computer's Thunderbolt port can quickly bypass all of its security measures. Security researchers have recommended that users take advantage of a Thunderbolt feature known as "security levels." This feature disallowd access to untrusted devices or even turns off Thunderbolt altogether. That would turn the vulnerable port into a mere USB and display port. IT managers can scan their network for affected devices using their IT asset management solutions.
Click here to read more
IT Asset Management (ITAM): A Centralized Approach To Managing IT systems And Assets
IT asset management (ITAM) coverds practices and strategies for managing and optimizing company-owned IT systems, including hardware, software processes and data. As part of an ITAM strategy, IT departments implement, track and maintain IT assets. They also assess if those IT assets can be optimized, replaced or be upgraded. These insights into an organization s IT assets enables IT executives visualize the ROI on IT assets. The information also provided information other key stakeholders regarding how those assets directly benefit the company s business goals. A successful ITAM strategy requires a complete IT inventory that gives organizations a quick view of every IT asset within the company. That includes data centers, software, hardware, networks, employee or user workstations and any other related technology. The main goals of ITAM are to optimize budgets, track assets, improve control over the company s IT environment, bring more structure to the IT lifecycle management process and reduce waste by managing the disposal of IT assets.
Click here to read more
You Need to Update Adobe Acrobat for MacOS Right Now
Adobe Acrobat DC users on a Mac should update their software immediately. Adobe recently pushed out a patch that addressed a security issue that allowed local users to exploit Adobe Acrobat DC to gain root access to a macOS computer without being detected. The software update adds a Protected Mode that sandboxes the app and covers all the features and workflows in Acrobat.
Protected Mode is turned off by default, so users will need to take a few steps after updating Acrobat to the latest version. To enable protected mode users will need to Open Acrobat, go to the Edit menu, select Preferences, and from the Categories section, select Security and click the checkbox that says Enable Protected Mode at Startup (Preview).
Click here to read more
Three Years After WannaCry, Ransomware Accelerating While Patching Still Problematic
An important lesson from the WannaCry incident that impacted companies worldwide three years ago is that vompanies that use outdated systems and do not rigorously patch those systems are at risk from data breaches and attacks by ransomware. Too many y companies continue to use out-of-date software that is vulnerable to destructive attacks. According to Jacob Noffke, senior principal cyber engineer at Raytheon Intelligence & Space, in a statement sent to Dark Reading, companies with weaker defenses will be a prime target for cybercriminals looking to capitalize on WannaCry-inspired attacks. IT managers can easily identify unpatched system by running detailed discovery reports onn their IT asset management software.
Click here to read more
Chrome 83 Released with Enhanced Privacy Controls, Tab Groups Feature
Google recently released version 83 of its Chrome web browser. It is one of the most feature-packed Chrome updates released since the browser's initial launch. The v83 release includes a slew of new including enhanced privacy controls, new settings for managing cookie files, a new Safety Check option, support for tab groups, new graphics for web form elements, a new API for detecting barcodes, and a new anti-XSS security feature..
Click here to read more
Industry News - Apr 2020
Holy Water Watering Hole Attack Targets Visitors of Certain Websites with Malware
Kaspersky recently reported on the behavior of several watering hole websites established through a malware campaign dubbed Holy Water. In a watering hole attack, cybercriminals identify websites that are visited by particular groups of people and then infect hose sites with malware. When a user visits an infected site, a piece of malicious JavaScript automatically loads to determine if the user is a potential target. Next a second JavaScript piece loads a plugin that launches a fake Adobe Flash update popup window. By accepting the update the victim unknowingly downloads a malicious installer that sets up a backdoor caledGodlike12. This malware provides the attacker dfull remote access to the infected computer where they can change files and steal confidential information.
Click here to read more
Over 350,000 Exchange Servers Exposed to Serious RCE Bug
Over 350,000 Exchange servers worldwide remain exposed to a critical vulnerability that was patched by Microsoft in February. The vulnerability is being exploited in the wild, according to Rapid7.The vulnerability, labeled CVE-2020-0688, enables remote code execution on unpatched systems if the Exchange Control Panel (ECP) interface is accessible to the attacker sand they have a working credential for it. aAtackers can gain access an Exchange server with a simple user credential or old service account. This issue further underscores why changing passwords periodically and patching systems in a timely manner are good best practices. IT managers can utilize their automated IT asset management resources to identify unpatched servers.
Click here to read more
New White Paper - Create Secure Work from Home Machines
With thousands of end-users using Work From Home (WFH) computers, companies need to determine that those WFH computers are not creating security risks when they access corporate or government networks. As WFH devices are not located within the organization s firewall and need to be better protected than the organization s on-premises machines. NIST and the CIS have established specific WFH security controls firms can follow with confidence to minimize the security risks for their WFH machines. The whitepaper "Create Secure Work from Home machines", describes how to accomplish this with standardized controls from NIST and the CIS. Click on the link below to download a free copy.
Click here to read more
Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions
This bulletin summarizes highlights from NIST Special Publication 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, which helps organizations protect their IT systems and information from the security risks that accompany the use of telework and remote access technologies. To download a complimentary copy of the bulleting click on the link bwlow.
Click here to read more
Hacking Against Corporations Surges As Workers Take Computers Home
Hacking activity against corporations more than doubled im March as cyber criminals took advantage of security weakened by pandemic work-from-home policies, researchers said. It is more difficult for corporate security teams to protect data when it is distributed on home computers with widely varying setups and on company machines connecting remotely. Even remote workers using virtual private networks (VPNs are adding to the problem. VMware cybersecurity strategist Tom Kellermann noted that There is a digitally historic event occurring in the background of this pandemic, and that is there is a cybercrime pandemic that is occurring. It s just easier, frankly, to hack a remote user than it is someone sitting inside their corporate environment.
Click here to read more
Google Launches BeyondCorp Remote Access for Virtual Workers
Google LLC updated its BeyondCorp security framework to enable companies to secure their most important applications and data at a time when many workers are working from home due to the COVID-19 pandemic. BeyondCorp is a zero-trust security framework that moves access controls from the perimeter to individual devices and users It allows employees to work securely from any location without the need for a traditional VPN. BeyondCorp assumes that users are requesting access from inside the network are just as untrustworthy as those seeking remote access. Consequently, access requests are granted based on details about the particular users, their jobs and the security status of their devices. That s the zero trust model, and Google claims it is far more effective than traditional network security controls.
Click here to read more
New iPhone Text-Bomb Bug: Just Receiving This Sindhi Character Notification Crashes iPhones
The latest version of Apple's mobile OS, iOS 13.4.1, will crash if device running the OS simply receives an app notification with a particular string of characters in the Sindhi language. This 'text bomb' bug can potentially cause widespread problems for iOS users. The crash can be triggered by a notification from any app, including Messages, WhatsApp, and social-media apps like Twitter. It can affect thousands of users simultaneously. 9to5Mac reports that the crash-inducing characters have been going viral on Twitter and that it seems to have originally been shared on a Telegram group. After the Sindi character in a text or other message the iPhone freezes, can't be turned off, and will eventually crash.
Click here to read more
Symlink Race Bugs Discovered In 28 Antivirus Products
In a recent report Security researchers from RACK911 Labs said k that they found "symlink race" vulnerabilities in antivirus products. The report notes that the bugs can be exploited by an attacker to delete files used by the antivirus or by the operating system. The result would be crashes that would render the computer unusable. The RACK911 team has been researching the presence of such bugs in antivirus products since 2018 and found 28 products across Linux, Mac, and Windows to be vulnerable, and notified vendors as time went by. The researchers said that "Most of the antivirus vendors have fixed their products with a few unfortunate exceptions." Some vendors acknowledged the issues in public advisories while others appear to have rolled out silent patches. The RACK911 team did not identify the unpatched products.
Click here to read more
New Licensing Changes in Latest Oracle Java Update
Oracle has changed the rules on personal and professional use as of the January 2020 update. Learn more about the new license rules and permissions so your organization can stay in compliance. Click on the link below to Learn more about;
- New Production Application Rules
- New Usage Options
- New License Requirements
- Personal Use Rules
- Commercial Use Rules
- Oracle Technology Network Enrollment
- OpenJDK vs Oracle OpenJDK
- Strategic Contract Options
- New On-Premise & Cloud License Types
- How to license development and backup servers
- Support Contracts & Renewal Strategies
- Changes that trigger licensing issues
Click here to read more
Industry News - Mar 2020
Microsoft Discloses New Windows Vulnerability That's Being Actively Exploited
Microsoft disclosed that it discovered a new remote code execution vulnerability that is found in all supported versions of Windows. The company said the vulnerability is currently being exploited in limited targeted attacks. In a successful attack hackers could theoretically remotely run code or malware on the victim s device. The flaw involves the Adobe Type Manager Library, which helps Windows render fonts. The vulnerability has a severity level of critical, which is the company s highest rating. Updates to address security vulnerabilities are usually released as part of Update Tuesday. The next Update Tuesday is scheduled for April 14th. IT managers can verify then patch was installed by using their IT asset management toolset.
Click here to read more
Avast Disables JavaScript Engine In Its Antivirus Following Major Bug
Antivirus maker Avast has disabled a major component of its antivirus product following the discovery of a dangerous vulnerability that put the company's users at risk. The security flaw was found in Avast's JavaScript engine, which analyzes JavaScript code for malware before allowing it to execute in browsers or email clients. A security researcher at Google noted that,
"Despite being highly privileged and processing untrusted input by design, it is un-sandboxed and has poor mitigation. Any vulnerabilities in this process are critical, and easily accessible to remote attackers." Exploiting this type of bug is trivial and only requires a hacker to send a user a malicious JS or WSH file via email, or tricking a victim to access a boobytrapped file with malicious JavaScript code.
Click here to read more
MALWARE ALERT! Do Not Open Email from World Health Organization!
Researchers at IBM X-Force have discovered that the HawkEye malware is being distributed to the public using a World Health Organization e-mail address from Director-General Tedros Adhanom Ghebreyesus. Upon opening the email victims are asked to click and open up a link that is attached to the e-mail which launches a password-and-bitcoin harvesting malware on Windows. IT managers are urged to alert their users to this threat.
Click here to read more
Microsoft Issues Emergency Windows 10 Patch for Leaked Vulnerability
Microsoft released an unscheduled patch for a security bug that it disclosed during the release of its March 2020 patch. The vulnerability, which difficult to exploit, is "critical" because it could allow malicious code to automatically spread from one machine to another. With the fix Microsoft is working to avoid a chain reaction scenario such as the one that occurred with the WannaCry and NotPetya viruses. The vulnerability exists in Microsoft's Server Message block (SMB) protocol on recent 32- and 64-bit versions of Windows 10 both on the client and server sides. IT managers can use their It asset management software to determine if the fix has been installed.
Click here to read more
UPDATED: Get Your Free Cybersecurity Tech to Cope With Your Coronavirus Chaos
In light of the Covid-19 crisis, some companies are making some of their services available for free. If your users don t already have a password manager or two-factor authentication, you might be wise to advise them of some of these current offers. Cisco is allowing customers of its Duo Security tool go above their user limit as their employees increasingly work from home. New customers can get a free license. Duo Security s primary service is a two-factor authentication tool that can be added to web and mobile apps. Canadian company 1Password has removed the 30-day trial period on 1Password Business, making the first six months are free. (The normal cost is $7.99 per user.) Its password manager keeps all of a user s logins in one spot so they don t have to remember them. If your company doesn t already have a password manager, it s not a good place to start.
Click here to read more
AT&T Suspends Broadband Data Caps During Coronavirus Crisis
AT&T is the first major ISP that it will be suspending all broadband usage caps as millions of Americans work at home in order to slow the proliferation of COVID-19. Consumer groups and a coalition of legislators are now pressuring other ISPs to do the same. While many AT&T users have no usage caps, others see usage caps ranging from as little as 150 GB to 1 terabyte per month. Users that exceed those limits face penalties upwards of $10 per each additional 50 gigabytes consumed. As millions of US citizens are forced to work, videoconference, and learn at home, overage costs could increase the financial burden on consumers. US consumers already pay some of the highest prices for broadband in the developed world.
Click here to read more
Google And Microsoft Are Giving Away Enterprise Conferencing Tools Due To Coronavirus
To help companies cope with the coronavirus outbreak Google and Microsoft have said, to make it easier for people to work from home, they will provide free access to their more robust teleconferencing and collaboration tools that are typically only available to enterprise customers. Both companies are only offering free access for a limited time. Google announced that it would be offering free access to advanced features for Hangouts Meet to all G Suite and G Suite for Education customers through July 1st. This will organizations to host meetings with up to 250 participants, live stream to up to 100,000 viewers within a single domain, and record and save meetings to Google Drive. Google typically charges $13 extra per user per month for these features in addition to G Suite access under its enterprise tier, which bring s the cost to $25 per user per month. Microsoft is offering a free six-month trial globally for a premium tier of Microsoft Teams Business The tier was originally designed to enable hospitals, schools. When signing up for it, users be prompted to work with a Microsoft partner or a member of Microsoft s sales team to get it set up. Microsoft will also roll out an update to the free version of Teams that will lift restrictions on how many users can be part of a team and allow users to schedule video calls and conferences.
Click here to read more
Almost Half of Mobile Malware Are Hidden Apps
According to a new report by McAfee, certain apps are hiding themselves and stealing resources and data from mobile devices. This growing threat amounts to almost fifty percent of all malicious mobile malware, and a 30% increase from 2018. A new malware family called LeifAccess or Shopper is taking advantage of the accessibility features in Android to create accounts, download apps, and post reviews, according to the report. , LeifAccess does not create an icon or shortcut, and it's not immediately obvious that the app is installed. The report notes that users receive fake warnings enticing them to activate accessibility services, enabling the full range of the malware's capabilities.
The malware waits up to eight hours before showing the fake notification in an effort to separate the warnings from installation. The malware, first identified in May 2019, has been spreading globally.
Click here to read more
To download the McAfee report go to: https://www.businesswire.com/news/home/52182589/en
Android Malware Can Steal Google Authenticator 2FA Codes
Security researchers reported that an Android malware strain can steal one-time passcodes generated through Google Authenticator. Google Authenticator is a a mobile app that is used as a two-factor authentication (2FA) layer for many online accounts. Google launched Authenticator as an alternative to SMS-based one-time passcodes. Google Authenticator codes are generated on a user's smartphone and never travel through insecure mobile networks and are considered more secure than those protected by SMS-based codes. Security researchers from mobile security firm ThreatFabric identified an Authenticator OTP-stealing capability in recent samples of Cerberus, an Android banking trojan that launched in June 2019. The ThreatFabric team said "Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from Google Authenticator application. When the Authenticator]app is running, the Trojan can get the content of the interface and can send it to the command-and-control] server." IT managers are urged to use their IT asset management, anti-malware and MDM software to protect their user s devices.
Click here to read more
ITAM and Coronavirus: What s the Impact?
During the current Coronavirus (COVID-19) outbreak it s worthwhile considering the impact it may have on ITAM organizations. The sudden need for many companies workforces to start working from home puts pressure on IT in various ways, particularly in the licensing and compliance aspects of the practice. Three areas of note are: processes not being followed, becoming under-licensed and becoming over-licensed. Many of processes will have been forgone during the effort get people up and running in their newly created home offices. To keep things functioning at as normal a level as possible may mean bending/breaking/ignoring processes. The most likely result of processes being ignored is becoming under-licensing. Giving people access to software and sorting the licenses out later is the most common approach. However, later rarely comes and firms become out of compliance. On the other end of the spectrum the higher than average need for many software programs requires companies to buy more licenses. The obvious titles are remote working programs such as Zoom/WebEx/GoToMeeting/Teams etc. Previously just a portion of the organization who used these applications, but now potentially close to everyone will need them. Consequently, more licenses are required. Additionally, the increased number of users might put a firm into the next pricing bracket, making your existing users more expensive as well.
Click here to read more
Creating an ITAM Clean-Up Action Plan
Creating an ITAM clean-up action plan will mean that, after any major ort unexpected change a company will have a checklist of steps to methodically take stock of the situation. Firms need to be able to identify likely areas where and out-of-compliance situation may exist and then work to identify the new situation. Key areas include hardware re-inventory, software location and SaaS discovery. Although this list was compiled with the 2020 Coronavirus pandemic in mind but applies to a wide variety of scenarios. Firms need to current on what devices they have, where are they, and what s on them. With work-at-home increasing many additional laptops may have been deployed. IT management will need to know where they ve been deployed, who has them and, what data they hold, and what software is installed on them. Re-examine the servers and determine if new software been added. Then review your contracts to insure you are not non-compliant. If the software no longer needed, remove it and if it is needed, determine what may need to be purchased/negotiated. What apps are being used now? Do you have a tool or system that enables you to see this? It s highly probable that the firm utilized duplicate instances of certain types of SaaS software, especially video conferencing software. Most may be on free plans, but some might be paid and It managers should work to identify any double spending where corporate licenses already are in place.
Click here to read more
Industry News - Feb 2020
Stop What You re Doing and Delete These Android Apps Right Now
VPNPro has loisted 24 apps dealing with everything from weather to calendar and camera functionality, that are malware-laden and/or request a wide range of potentially nefarious permissions. Google has removed them from the Play Store, but not before they were million downloaded over 375 million times. VPNpro, noted that Our research has uncovered that they re asking for a huge amount of dangerous permissions, potentially putting users private data at risk. These dangerous permissions include the ability to make calls, take pictures and record video, record audio, and much more. apps in question come via a Chinese company that has a history of malware, rogue-ware and unethical practices. IT managers should access the report and use their MDM or IT asset tools to identify and remove them from company-owned devices.
Click here to read more
How Could ITAM Help Travelex Restore Service?
Foreign currency exchange provider Travelex has been down since ransomware attack on December 31st, 2019. Travelex has not paid the ransom demanded by the hackers and that they re rebuilding their IT estate from scratch. Travelex has taken quite a bit of time to repair it s IT infrastructure. Could their ITAM team be helping them to restore service more quickly, or prevent the attack? It has been widely reported that the ransomware was deployed to their network via unpatched Virtual Private Network (VPN) software. ITAM teams could be reporting the level of potentially vulnerable software deployed on the network. To restore service, the IT group first need a detailed understating of what the infrastructure was comprised. ITAM will have discovery and inventory data which can help, especially id it in a cloud-based solution partner vs cloud hosting model for your ITAM tool.
Click here to read more
One of the Most Destructive Botnets Can Now Spread To Nearby Wi-Fi Networks
Over the past five years, the Emotet malware has become a leading Internet threat that empties bank accounts and installs other types of malware on its victims systems. Recently, Emotet operators were caught using a new version that uses infected devices to enumerate all nearby Wi-Fi networks. Using a programming interface called wlanAPI, it profiles the SSID, signal strength, and use of WPA or other encryption methods for password-protecting access. Next, the malware uses one of two password lists to guess commonly used username and password combinations. After gaining access to the Wi-Fi network, the infected device enumerates all non-hidden devices that are connected to it, which the malware also infects using the same technique. To combat the Emotet malware, IT managers can use their It asset management solution to identify all Wi-Fi routers and then insure they use complex password and username combination ns.
Click here to read more
75% of SAM Projects Fail. Why?
According to a well know IT consultancy, three quarters of all Software Asset Management (SAM) projects go over budget and do not meet their business goals. This whitepaper examines the SAM process and demonstrates where and why so many SAM projects run into major problems that impact performance and over budgets. Click on the URL below to download the whitepaper.
Click here to read more
Ransomware - How to Stop It
Ransomware has affected all types of public and private organizations on a worldwide basis. These attacks will likely continue as long as attackers can easily perform successful ransomware attacks and get paid,. However these attacks can almost all be pre-vented by implementing cyber defense best practices, such as those recommended by the Center for Internet Security (CIS). Click on the URL below to download the whitepaper.
Click here to read more
The Secrets to ITAM Technology Success Community Survey
The new ITAM Review community survey examines the secrets of success for ITAM tool implementation and what characteristics organizations look for when selecting ITAM tool or service providers. For an ITYAM program to succeed it requires a balanced approach of people, process and technology, but there is no single formula for success. Please share your experiences with us so we can share insights with the ITAM Review community. The golas of the survey are to
Understand ITAM tool success factors
Identify trends in ITAM Tool implementation techniques and approaches
Identify satisfaction levels with existing tools and service providers
Build on previous research from 2016 to identify long term trends
To participate in the survey go to: https://itamreview.typeform.com/to/jFEdmM
Click here to read more
Gartner Report: SaaS Management
Managing your SaaS providers has become increasingly complex. IT and procurement managers need to adopt new practices to optimize and protect the business value of their SaaS investments. A recent Gartner paper addresses this issue. It addresses how corporate leaders can:
actively track SaaS utilization to avoid budgetary problems
effectively manage SaaS contracts and vendor relationships
develop plans to cope with risks and performance issues
know how and when to shift vendor ownership within the enterprise
Software Asset Management best practices to ensure the availability of SaaS solutions
To download the report go to: https://info.aspera.com/gartner-saas-report-0?utm_campaign=Gartner&utm_source=hs_automation&utm_medium=email&utm_content=83116409&_hsenc=p2ANqtz--NIm7BuXHmgVd2y7RJrwgUFXnAendwNj_5l3qWgViwXM_4Kka4egbymU7F5KZ6TtDnnNJVG6zUX1XCnPD2S8FdFktjAnETkVQ-WQuB5WMCWHjTJY0&_hsmi=83116409
How to Win Friends and Influence People with SAM
Truly effective Software Asset Management (SAM) requires more than a thorough understanding of licensing rules, ITIL processes and an effective SAM tool. For a SAM program to deliver all of its goals and drive IT efficiency, the soft skills of Software Asset Management are also required. SAM managers need to engage with other stakeholders outside of the SAM team and assist the wider business to understand the importance of Software Asset Management.
Click here to read more
How to Help Finance Your ITAM Program With The Assets You Manage
A good ITAM program should catalog the configuration of every item it discovers in a database. By using a sustainable ITAD (IT Asset Disposition) partner, IT managers can derive the maximum value from their retired IT assets. This tracking allows them to determine what assets they have in total and to decide which ones can be sold. Naturally the revenue derived from the sales of retired technology will not cover the cost of the ITAM program. However, any value recovery will increase the ROI of the program by reducing the net spend.
Click here to read more
Cybersecurity Warning: Almost Half Of Connected Medical Devices Are Vulnerable To Hackers Exploiting BlueKeep
Connected medical devices are twice as likely to be vulnerable to the BlueKeep exploit than other devices on hospital networks. BlueKeep is a vulnerability in Microsoft's Remote Desktop Protocol (RDP) service which was discovered in 219. It impacts Windows 7, Windows Server 2008 R2 and Windows Server 2008. Microsoft issued a patch for BlueKeep after the vulnerability was discovered in May of 2019. Security authorities, including the US National Security Agency (NSA) and the UK's National Cyber Security Centre (NCSC), issued urgent warnings about patching vulnerable systems. Healthcare IT managers can use thier IT asset management tools to identify unpatched systems.
Click here to read more
Ransomware Victims Thought Their Backups Were Safe. They Were Wrong
The UK's National Cyber Security Centre (NCSC) said it has now updated its guidance by emphasizing that offline backups are required as an effective defense against ransomware. The agency observe4d that "We've seen a number of ransomware incidents lately where the victims had backed up their essential data (which is great), but all the backups were online at the time of the incident (not so great). It meant the backups were also encrypted and ransomed together with the rest of the victim's data." The NCSC has continuously recommended offline backup be part of a data security practice. However, it said that the key to mitigating a ransomware attack is to ensure that companies maintain up-to-date backups of important files. Organizations should ensure that a backup is kept separate from their network, wither offline or in a cloud service. IT managers can use their UT asset management tools to idedity where their back-up files are located and stored.
Click here to read more
Industry News - Jan 2020
Windows 7 Reminder: Get a Free Windows 10 Upgrade While You Can
With the Windows 7 end of life in the rearview mirror, CIOs need to decide whether they want to upgrade existing systems to Windows 10 or purchase new PCs. Microsoft has already released the last cumulative update for all editions of the operating system. No additional security updates will be available unless the firm purchased Extended Security Updates. Non-updated computer will become vulnerable to any security vulnerabilities that are discovered after January 14. However, firms that want to upgrade to Windows 10, you can still do so for free by going to Microsoft's Windows 10 download page. IT managers can use their IT asset management tools to identify non-upgraded systems, or systems with Windows 10 compatibility issues.
Click here to read more
Microsoft Patches Windows 10 Security Flaw Discovered By The NSA
The National Security Agency (NSA) identified a security vulnerability in Microsoft s handling of certificate and cryptographic messaging functions in Windows 10. The flaw, which wasn t marked critical by Microsoft, could allow attackers to spoof the digital signature associated with pieces of software, allowing unsigned and malicious code to pose as legitimate software.
The bug is a problem for systems that depend on digital certificates to validate the software that machines run. This could result in far-reaching security issues if left unpatched. The NSA is recommending that enterprises apply any available patches it immediately. Microsoft is now in the process patching the flaw. Following release of the patch IT managers can use their IT asset management tools to identify patched and un-patched systems.
Click here to read more
Antivirus Vendors Push Fixes for EFS Ransomware Attack Method
Researchers have discovered how an EFS attack initiated by ransomware leaves systems relying on signature-based antivirus solutions open to attack. Major cyber-security software vendors are actively developing and releasing fixes. as a result. Safebreach Labs revealed an how the Windows Encrypting File System (EFS) can be abused by ransomware. A lab-based exploration of EFS found that major antivirus solutions might not protect the system. Safebreach Labs found that after testing three major anti-ransomware solutions, all three failed to stop attacks. IT managers can utilize their IT asset management tools to determine if any available patches to their cyber-security software systems have been applied.
Click here to read more
Why Does Asset Management Matter for Cybersecurity?
IT asset management and Security are becoming more closely associated. The delineation between keeping information safe and providing and managing the IT tools necessary for daily operations is no longer clear. This white paper explores why asset management, which was once considered a pure IT play matters for cybersecurity. It also explores how both IT and security teams can benefit from cybersecurity asset management. Click on the link below to download the whitepaper. )Registration required)
Click here to read more
European Court of Justice Rules That Under-Licensing Is IP Theft
The Court of Justice of the European Union has ruled for of French software firm IT Development, which brought a case against its customer, Free Mobile, for copyright infringement. IT Development brought proceedings in June of 2015 against Free Mobile for infringement of the copyright of one of its software package as free mobile was under-licensed and creating new forms in the application, both of which violate3d the terms of the software license agreement (SLA). It argued that the licensee no longer had any licensed rights because the application was under-licensed and illegally modified, and consequently infringing firm IT Development s intellectual property (IP) rights. Robin Fry, legal director at Cerno Professional Services said the ruling means that software firms can effectively treat under-licensing as copyright infringement.
Click here to read more
Hidden MacOS Threat: This Is The Sneaky Malware Most Likely To Infect You
The Shlayer Trojan is the nearest thing to a viral plague affecting devices running the MacOs. According to Kaspersky, 10% of all the systems running their security on-device software detected the malware at least once. The Shlayer Trojan has accounted for almost one-third of all its Mac detections since first detected in 2018. Shlayer deceives users into downloading its payload by hiding on popular legitimate sites. The malware s operators pay partners to host links on these sites. Kaspersky reported more than 1,000 partner sites distributing Shlayer. IT managers should use their IT asset system to insure that the most current versions of cyber-security software is installed on each macos system accessing the network.
Click here to read more
Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender
A new ransomware named Ragnarok has been used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit. FireEye recently reported on new attacks to install the new Ragnarok Ransomware on vulnerable networks, exploiting the now patched Citrix ADC vulnerability. When attackers compromise a Citrix ADC device, a number of scripts would be downloaded and executed. They then scan for Windows computers vulnerable to the EternalBlue vulnerability. When those devices are detected, the scripts attempt to exploit the Windows devices, and inject a DLL that downloads and installs the Ragnarok ransomware. IT managers can use their IT asset discovery tools to identify unpatched Citrix systems and vulnerable windows systems.
Click here to read more
Should ITAM Job Titles Be Standardized?
Examining the software asset management roles, there are apparently no recognized experience requirements or career progression ladders for the position. There are also a multitude of ITAM job titles that aggregate people with a few months worth of experience with people who have years of experience. Within the SAM industry there are a few recognized certifications, such as CSAM, PITAM, and ITIL However the related courses can only cover the base layer of SAM. There are also some vendors who offer some SAM training, but the reality is that only experience can answer the questions ITAM professionals face.
Click here to read more
Industry News - Dec 2019
This New Android Malware Comes Disguised As a Chat App
The trojan malware, labeled CallerSpy, has been discovered and detailed by cybersecurity researchers at Trend Micro. The app, which targets Android users, is designed to spy on calls, texts and other communications. Smartphones are targeted by because they contain vast amounts of information and they're with the target on a prolonged basis. Originally discovered in a chat app called Chatrious, CalleerSpy was re-introduced in the Apex-Chat app. Companies are urged to use their It asset management and/or mobile device management programs to identify devices with the Apex-chat app installed.
Click here to read more
Google Chrome Can Now Warn You In Real Time If You're Getting Phished
Google recently announced that it is offering real-time checks on potential phishing links through its Chrome browser. According to Verizon's annual cybersecurity report, phishing is the leading cause of data breaches. Google noted that it blocked about 100 million phishing emails every day in 2019. However phishing links aren t limited to emails and can also be presented in malicious advertisements, or through direct messages. Google is now launching an extra level of protection against phishing through real-time checks on site visits for Chrome users. The feature can be activated by enabling "Make searches and browsing better" in your Chrome settings. IT managers can use their IT asset management software to determine that all Chrome users are running the most current version in order to utilize this new cyber-protection tool.
Click here to read more
Google Confirms Critical Android 8, 9 And 10 Permanent Denial Of Service Threat
The December 2019 Android Security Bulletin has been published by Google and contains details of three vulnerabilities have been given a critical rating. Users are urged to download the December security update just as soon as it is available for their devices. Unfortunately, not all Android devices receive these security updates, and some don't get them as quickly as they should. The official NIST National Vulnerability Database description of the CVE-2019-2232 vulnerability notes that improper input validation in the "handleRun of TextLine.java" could cause a denial of service to an Android device, effectively disabling the device. The NIST document continues to note that "User interaction is not needed for exploitation," and the remote denial of service attack needs "no additional execution privileges." The vulnerability applies to Android 8.0, Android 8.1, Android 9 and Android 10 versions, and patches have been made available to ther Android Open Source Project (AOSP) repository. Users can determine if you have been protected against this critical threat by checking their security patch level by look for the "About Phone" option in the device settings menu.
Click here to read more
Microsoft: We Never Encourage A Ransomware Victim To Pay
In a recent blog post regarding whether to pay a cyber-ransom demand, said Ola Peters, Senior Cybersecurity Consultant for Microsoft Detection and Response Team (DART), said,
"We never encourage a ransomware victim to pay any form of ransom demand." The company urges firms to think of a ransomware attack in terms of when and if. Microsoft recommends that companies prepare for a ransomware attack by taking several measures, including employing an effective email filtering solution, regularly patching hardware and software systems and using an automated ITAM tool to manage all of the IT assets, using and updating an antivirus and an endpoint detection and response solution, separating administrative and privileged credentials from standard credentials, implementing an application whitelisting program and using an ITAM solution to identify unauthorized software and regularly backing up critical systems and files.
Click here to read more
FBI Issues Alert for LockerGoga and MegaCortex Ransomware
The FBI has issued a warning to private industry and is providing information and guidance on the LockerGoga and MegaCortex Ransomware. Both forms of ransomware infections infect the enterprise by compromising the network and then attempting to encrypt all its devices. The FBI offers guidance and mitigation techniques that businesses should utilize to minimize their risk to these ransomware programs. According to the FBI tyhe most important mitigation provided by the FBI is to make sure you "backup data regularly, keep offline backups, and verify integrity of backup process." Other mitigations suggested by the FBI include: 1) insuring that all installed software and operating systems are kept updated. )An ITAM solution n is useful to accomplish this), 2) enable two-factor authentication and use strong passwords 3) audit logs for all remote connection protocols and audit the creation of new accounts, 4) scan for open or listening ports, 5) disable SMBv1 , 6) monitor Active Directory and administrator group changes for unauthorized users and 7) usethe most up-to-date PowerShell and uninstall any older versions.
Click here to read more
Windows Users, Beware: This Fake Update Could Lock Up Your PC, Or Worse
According to security firm Trustwave, cyber-attackers are well aware of the migration to Windows 10 by Windows 7 users and are targeting Microsoft users with fake Windows update emails that will infect computers with ransomware. This malware locks up valuable data on the user s computer, and demands a ransom payment to release the data. Otherwise it will be destroyed. The spammers emails include the subject lines "Install Latest Microsoft Windows Update now!" or "Critical Microsoft Windows Update!" The emails, which appear to be from Microsoft, include one sentence in the message body, which starts with two capital letters. They ask recipients to click an attachment to download the "latest critical update."
Click here to read more
Industry News - Nov 2019
On Halloween Night, Google Discloses Chrome Zero-Day Exploited In the Wild
Google recently advised users that an exploit for CVE-2019-13720 exists in the wild. The company also announced the new v78.0.3904.87 Chrome release which remedies the vulnerability The zero-day was described as a use-after-free bug in Chrome's audio component and was considered actively-exploited. A use-after-free vulnerability is a memory corruption bug that occurs when an application attempts to reference memory that was previously assigned to it but has since been freed or deleted. This can cause a program to crash, but can also lead to code execution scenarios. Chrome 78.0.3904.87 is available for Windows, Mac, and Linux. The release will slowly roll out to all Chrome users, but users can execute a manual update by accessing the browser's Help > About Google Chrome section. IT managers can use their IT asset management tools to determine which systems need the new version.
Click here to read more
Protecting Business Interests with Policies for IT Asset Management
IT asset management policies are important to protect business assets and interests. Technology devices and software assets are expensive, valuable and require protection from failure, loss, destruction, theft and damage and related harm. IT asset management practices define how a company protects and preserves technology assets and can create an "asset management mindset". That mindset recognizes that "technology assets are important to us and we take them seriously enough to put up with protective controls". However, in order realize all of the intended benefits, this mindset must be integrated into daily operations and the corporate culture.
Click here to read more
IT Asset Management (ITAM): A Centralized Approach To Managing IT Systems And Assets
IT asset management (ITAM) encompasses the practices and strategies for overseeing, managing and optimizing company-owned IT systems, software and data. An ITAM program enables IT departments to implement, track and maintain IT assets, and determine if those assets require optimization, should be retained as-is or replaced with a newer technology. A deep insights into an organization s IT assets helps IT executives realize the ROI on IT assets and determine how those assets directly benefit the company s business goals.
Click here to read more
The CIO s Guide To Saving $4000 Per Employee Annually
New research from Cleanshelf indicates that nearly 25% of SaaS spending is wasted. Strong stakeholder relationships and leveraging provided SaaS Subscription Management tools can cut waste. By optimizing SaaS usage, standardizing on selected services and data-driven vendor management can reduce costs.. IT managers need to have an understanding of what is being used across the enterprise. This can be accomplished by gathering metrics on usage and cost and looking for opportunities to optimize the SaaS spend, functionality, and usage. IT needs to work with departments to identify their technology needs and what they re currently doing to address those needs and then create a picture of the technologies used across the organization.
Click here to read more
The Business Case For IT Asset Lifecycle Automation
Efficient organizations typically have detailed specifications for the components that comprise a product or service. A similar rigor should be applied to digital assets Through the use of automated It asset management tools. Firms can adopt a three-step approach to IT Asset Lifecycle Automation Discovery & Standardization, Self-Service, and Process Automation..
Click here to read more
10 Signs of a Fake Microsoft Audit
sIt is critical that a company knows how to spot a fake Microsoft Audit. The common Signs of a fake Microsoft audit, often conducted by unauthorized vendors or MS partners are summarized below. Paying attention to these clues could help avoid a trap that could cost an organization hundreds of thousands of dollars.
The contact email has a V- Microsoft address, indicating the sender is a temporary employee or a partner who does not have the authority initiate a mandatory Microsoft audit.
You don t know the company or the person sending the email
They ask for an email address where they can send some forms..
The person s LinkedIn says they work at Microsoft, and another company
The email address the person uses does not match their name.
Suspect File Names include Updated Copy of Deployment Summary SAMC.XLSX or
SAM+C Engagement.pdf
The company address is in Atlanta GA, Fargo ND, Australia, or New Zealand.
The audit letter is only delivered by email, not by paper mail.
The audit email talks about penalties for refusing a Microsoft audit
Click here to read more
3 Everyday Things in Your Office That Could Lead to a Data Breach
Today, cyber-threats don t only come from external sources. Smaller common place items found in almost every office can facilitates data breaches. For example, the O.MG cable looks like a standard iPhone / iDevice "lightning" cable. However it contains a tiny Wi-Fi transmitter that enables a remote user to take control of the compute to which it is connected. Printers save a copy of each document that was printed, and that data can be stolen as well. If not properly encrypted and password protected the Wi-Fi network can allow anyone in range to collect information shared on the network. IT asset management policies and procedures can help limit a company s exposure to internal threats.
Click here to read more
IT Asset Management Benefits & Best Practices
Firms that implement an effective asset management practice benefit from detailed visibility into their hardware and software assets. IT administrators and support personnel should paying attention to the asset details of each end-user system. Asset management gives them the ability to easily examine the hardware and software components of any computer, server, or any other device within the network infrastructure. Traceability of assets across the IT landscape yields improved IT administration, control and accountability. Using an automated asset discovery toolset, along with existing server and application monitoring tools allows IT managers to view the computer inventory details and determine if an employee has any unauthorized and non-compliant hardware or software on their company-issued devices.
Click here to read more
Windows 10 Fake Update Is Nasty Ransomware
A new malware campaign sends emails from a fake Microsoft address that pushes users to download a malicious Windows 10 critical update . Discovered by computer security company Trustwave, the subject line reads Install Latest Microsoft Update now! or Critical Microsoft Windows Update! The mail contains one single line that says Please install the latest critical update from Microsoft attached to this mail which is attached file. The mail contains a jpg file that is an executable .NET file that will infect your PC. This executable will download a ransomware called Cyborg. Cyborg will encrypt all of the files on the device, locking the contents and changing their extensions to 777. A text file will appear on the desktop named Cyborg_DECRYPT.txt , with instructions about how to recover the files for a price. Users are encouraged to immediately delete the mail. IT managers are encouraged to inform their user community of the threat.
Click here to read more
Report Highlights Toll Of Outdated Office Computers, Software, Printers
According to a study released by ZenBusiness, employers are wasting time and money due to outdated technology lowering worker productivity. The study found that nearly an hour each day per employee is lost due to technology malfunctioning or moving slowly. That amounts to about $4,000 is wasted money per employee per year. Crumbling technological tools have cascading effects on an organization, resulting in additional problems as employees sought alternate options or replacement tools. IT managers may want to refer to the whitepaper published by xAssets entitled Using IT Asset Management to Implement Technology Modernization (www.xassets.com) for ways to update their IT infrastructure to support improved productivity.
Click here to read more
Industry News - Oct 2019
Cyber Risks Lead Travelers Index For First Time
Travelers insurance reported that cyber risks topped its 2019 Risk Index for the first time since the survey s origin in 2014. The report noted that experiencing a security breach and having a third party gain unauthorized access to bank accounts were at the top of the list of cyber-related concerns, followed by a ransomware attack, and social engineering scams.
Just under half of survey participants, have taken a cyber risk assessment for their business. Using an IT asset management system to discover and inventory the IT infrastructure to identify systems vulnerable to cyber-attcks is a key function of cyber-incident prevention.
Click here to read more
Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls
Researchers at the CQ Prime Threat Research Team, a division of Cequence, have reported a vulnerability in the Zoom and Cisco Webex conference platforms that could enable an attacker to drop into video meetings that are not protected with a password. Cisco and Zoom were notified of the flaw, and both companies have issued patches for their systems. IT managers can use a fully functional IT asset management system to inventory the phones in their network and identify devices that require the patch.
Click here to read more
Google Wants To Help You Survive A World Filled With Data Breaches
Google recently announced a new Password Checkup feature that will automatically check all of a user s saved passwords for security problems. The system will alert the user if the passwords have been exposed in a third-party data breach, or if the password is being reused across different sites by bad actors or if it is weak password and should be updated. This functionality is now being integrated into the core Google experience through its password manager.
Google pulls in data to check breached passwords from the open Web and Dark Web. Usernames and passwords are often "dumped" on the open Web as a result of data breaches Google has found 4 billion unique username and password combinations from examining only the open Web.
Click here to read more
Software Provider s End-User License Empowerment Shifts ITAM Program Governance
Microsoft recently announced that it will allow end-users buy some of their own apps and licenses through Office 365. This change should have IT Asset Managers concerned Beginning on Nov. 19, 2019, the company will start allowing end-users to purchase Office 365 Power Platform low-code services, PowerApps, PowerBI and Flow. The end-user would be responsible for paying for the transaction and the applications themselves would be licensed to the user. In the way most prior licenses worked, users would have to get clearance from their administrators) to add those services. The announcement, released by the software giant this week, could force decentralization of IT Asset Management (ITAM) programs and open the door for compliance, financial and other risks.
Click here to read more
This Mysterious Hacking Campaign Snooped On A Popular Form Of VoiP Software
A hacking campaign is targeting one of the world's most popular services for making voice over IP phone calls was detailed during a presentation by Check Point researchers at the Virus Bulletin 2019 conference in London.. The exploit allows the attacker to spy on who individuals are calling, record the time and date the calls are made, listen to recordings of conversations and send out spoof calls that appear to come from the number of the compromised user.
The initial attacks occurred between February and July 2018, when an attacker was scanning on over 600 companies across the world that use Asterisk FreePBX. The attacker extracted and read the contents of call files, examining the histories of calls made by the user of the Asterisk system. IT ,managers can use their IT asset management system to determine if Asterisk FreePBX is deployed anywhere in their company.
Click here to read more
What Does a More Strategic ITAM/SAM Approach Look Like?
With IT environments encompassing diverse types of devices and endpoints and a mix of on- SaaS, IaaS, PaaS and web applications, cost containment efforts can be difficult. According to Spiceworks, enterprise organizations will spend less than 10% of their software and/or managed services budget on IT management. However, those the tools and services that can uncover hidden costs, eliminate waste and identify unnecessary expenditures. By investing in the right people, processes and technology tools the company will gain true IT asset intelligence, instead of simply information and rules. Click on the link below to download the eBook, "How to Shift from Tactical to Strategic Management of Your IT Assets." It describes the 6 Steps to true IT Asset Intelligence:
Click here to read more
HP Fixes Vulnerability In Its Controversial 'Touchpoint Analytics' Bloatware PC App
SafeBreach Labs researchers found a security flaw in HP Touchpoint Analytics in July. In response HP issued a security advisory for its Touchpoint Analytics, which had a security flaw that could enable malware to gain admin rights and take over vulnerable systems. HP desktop and laptop owners were advised to follow the instructions in the company's security advisory and update the Touchpoint Analytics client as soon as possible. The HP Touchpoint Analytics app is a type of software that comes pre-installed on new devices. IT managers an identify affected systems uni ng their IT asset management toolset.
Click here to read more
Microsoft's Leaner Windows 10 Update Process Begins With New Patch
Microsoft will release Windows 10 version 1909, ( AKA 19H2,) later this year. The update is relatively small. The most significant changes are to notifications, with a "Manage notifications" option added to the Action Center and new notification management feature. Other changes include the ability to quickly create a Calendar event from the taskbar. The, File Explorer search box will now be powered by Windows Search enabling users to search through their OneDrive content along with all other files. There are some improvements to battery life and a more even distribution of load between multiple processor cores.
Click here to read more
Microsoft Announces Important Security Update For All Windows 10 Users
Microsoft has announced that is it immediately rolling out Tamper Protection to all Windows 10 devices for both enterprise and consumer users. Microsoft wikll now enable the feature on all devices running Windows 10 1903 update by default. Older versions of Windows 10 are likely to get the feature ported across in due course. Tamper Protection is a method of hardening Windows Defender against such threat actors who attempt to disable the Windows Defender Antivirus service. Tamper Protection will help users to mitigate malware and threats that attempt to disable security protection features.
Click here to read more
Researchers Find Stealthy MSSQL Server Backdoor Developed By Chinese Cyberspies
Servers running MSSQL v12 and v11 are vulnerable to new Chinese developed malware. The code alters Microsoft SQL Server (MSSQL) databases and creates a backdoor mechanism that enables hackers to access any account by using a "magic password." Labeled skip-20 by the researchers who discovered the malware, the malware only works with MSSQL v12 and v11 servers. Although MSSQL Server 12 was released in 2014 and is not the most recent version, it is the most commonly used version of MSSQL. IT managers can scan their networks for vulnerable systems using their IT asset management solution.
Click here to read more
Cloud Migration Planning and Cost Optimization
Many organizations are moving their IT infrastructure to the cloud. By doing so, they expect to realize major cost savings and other benefits. However, any move to cloud-computing requires careful preparation and a deep-dive analysis of the existing IT assets and the way they are used If enough time in preparation and planning isn t invested into the project, the firm will struggle to realize the full benefits of the move. Recent surveys suggest that the results are often disappointing in terms of cost, consequently lowering realized return on investment. Click on the link below to download the eBook, "Essential Considerations for Cloud Migration Planning and Cost Optimization," It address six major questions that companies should ask before moving to the cloud.
Click here to read more
Industry News - Sep 2019
Don t Put the Custom Processes Cart Before the Best Practices Horse
Although custom processes may be useful in some IT Asset Management (ITAM) programs, implementing them before employing established best practices can be counter-productive The International Association of Information Technology Asset Managers, Inc. (IAITAM) has developed a set of best practices necessary for successful ITAM programs through its 12 Key Process Areas (KPAs). The first step in establishing a program using best practices is to become educated on what they are. Once a practitioner understands how these best practices impact the overall program, a program can be developed to meet the unique needs of their organization. Dr. Barbara Rembiesa, President and CEO of IAITAM, noted that obtaining executive buy-in to the program and using tools such as an automated discovery tool and centralized repository are necessary to ensure overall success. Each of these supplements supports the KPAs and creates a stronger program.
Click here to read more
Microsoft Tenant-Level Services Licensing Guidance
Microsoft defines a tenant-level service as an online service that, when purchased for any user in the tenant, (either as a standalone or as part of Office 365 ), is activated in part or in full for all users in the tenant. Although some unlicensed users may technically be able to access the service, a license is required for any user that is intended to benefit from the service. Some tenant services are not currently capable of limiting benefits to specific users, and It management should undertake efforts to limit the service benefits only to licensed users. Doing so will help avoid potential service disruption to the organization once targeting capabilities are available. (Go to https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance for more details.) The issue here is license compliance. It addresses the impact of an organization s lack of controls in the management of their software estate. Unless that organization has a sound software asset management program or monitors software compliance, it could easily be subject to unplanned costs in the form of software licensing and subscription services.
Click here to read more
A Free Trick for Fake Apps To Steal Your Data
Fake apps are attracting users with free apps, and install malware to access personal data and tracking devices as part of the process. These apps target popular, viral apps that allow in-app purchases. The fake app business has been estimated at $2.3 billion globally for just the first half of 2019. The fake apps are developed by extracting the original apps using their APK files and then creating new APK files with a similar name. These apps are usually shared through APK, SDK files in closed networks. Stolen user information is sold to companies or leaked. These apps also use stolen data to create fake accounts on online services and steal user identities. It managers are encouraged to scan mobile devices for unapproved apps.
Click here to read more
Cybersecurity: 99% Of Email Attacks Rely On Victims Clicking Links
According to Proofpoint's Annual Human Factor Report, almost all successful email-based cyberattacks depend on the target to open files, click on links, or perform some other action.
Only a tiny fraction of attacks rely on exploit kits and known software vulnerabilities to compromise systems. However, 99% of campaigns require some level of user input to infect the system. Phishing attacks are becoming increasingly sophisticated and it is often difficult for users to distinguish a malicious email from a regular. Attackers now design attacks to appear as if they originate from a trusted source, such as cloud service providers, colleagues, or even the boss.
Click here to read more
Microsoft Patches Two Zero-Days in Massive September 2019 Patch Tuesday
As part of the company's monthly release of security updates, Microsoft recently published 80 security fixes for 15 products and services. Two are so-called zero-day vulnerabilities were patched as part of this release. They are CVE-2019-1214 and CVE-2019-1215 which are elevation of privilege (EoP) vulnerabilities. These vulnerabilities can be exploited by malware to gain the ability to run malicious code with administrator privileges on infected systems. Microsoft didn't reveal any details of how the two bugs were being exploited in the wild. It managers can use their IT asset management toolds to identify any systems that remain unpatched and afre still vulnerable.
Click here to read more
8 Signs You re About To Be Audited For Non-Compliance
Software audits are often conducted by major software vendors such as Oracle, Microsoft and IBM when they detect circumstances or business practices that indicate potential non-compliance with the terms of the ELA. Some of the major triggers include:
- A recent merger, acquisition or divestment
- Your firm backed out of a purchase
- Past proof of noncompliance
- Lack of a SAM solution or license management practice
- Published reports of instability in the organization
- The software sales rep is suspicious
- Recent projects to virtualize or move to the cloud
- The licensing expert leaves
Use of a comprehensive ITAM tool can help management prepare for an audit or take pre-emptive measures to insure license compliance.
Click here to read more
Microsoft Urges Windows Users To Install Emergency Security Patch
Microsoft has issued an advisory to all Windows users to install an emergency out-of-band security patch as soon as possible. The company said that a security flaw in Internet Explorer could enable an attacker to remotely run malicious code on the user s device and take full control of that device. A user could become infected by visiting a malicious web page or by clicking on a malicious link in an email. Microsoft said the vulnerability was under active exploitation, however details of the flaw have not been made public. Most users can install the patches using Windows Update. Microsoft also issued a fix for its in-built malware scanner Windows Defender. The flaw could have been used to trigger a denial-of-service condition. IT managers can use their ITAM tools to scan for unpatched devices.
Click here to read more
Delete These 25 Malware-Infested Android Photo-Editing Apps ASAP
Cybersecurity firm Symantec announced that it found over two-dozen Android photo-editing and fashion apps in the Google Play Store contained malware. The infected apps were downloaded more than 2 million times. After Symantec reported the malicious apps to Google all the apps have since been removed. Users are cautioned to re view all of the apps on their devices and remove the malicious apps as soon as possible. A complete list of the affected apps can be found on the link below.
Click here to read more
Industry News - Aug 2019
What May Trigger A Software Audit?
Each signed software license agreement includes some sort of audit clause stating that the software publisher can conduct a license compliance verification (AKA software audit). When organizations receive the audit letter they often question why they were selected Understanding audit triggers can helps a company predict if and when a software audit may be performed. Some common triggers include: a) a license period of longer than three years, b) termination of the support agreement, c) dignificant changes in the IT infrastructure, d) increase in the total number of employees, e) a merger or acquisition, f) expiration of the agreement, g) suspect true-up reports, h) support tickets and/or training requests for software not included in the license, and i) change in ownership of the software publisher.
Click here to read more
Making the Case for ITAM in Secure Computing Environments
In today s uber-connected computing environment, the concept of an air-gapped, locked down, and stand-alone data center running proprietary special use software is an anachronism. Even the most secure military data systems use some commercial off-the-shelf (COTS) software and almost all IT environments are networked. Procurement and IT managers and officers look for the best hardware and software configurations needed to meet a specific goal and integrate them into existing data centers and networks. Having been common practice for a period of years, this model raises the questions, What exactly are we running? and What do we need? A secure, approved and flexible IT asset (ITAM) management solution can help answer those questions.
Click here to read more
New Windows Malware Sets Up Proxies on Your PC To Relay Malicious Traffic
Proofpoint researchers recently analyzed new malware strain named SystemBC that is targeting Windows systems. SystemBC malware installs a proxy on infected computers and rarely comes alone. The presence of this malware on any system usually indicates that the computer was also infected by a second threat. The SystemBC malware is an on-demand proxy component that any malware operator can integrate and install on compromised computers alongside their primary software. Proofpoint noted that malware operators have used exploit kits to infect hosts and then used SystemBC's proxying capabilities to disguise their malware s activity. Fundamentally, if an IT manager detects SystemBC, there's a high probability that there is a second malware strain on the system and removing SystemBC won't solve the problem.
Click here to read more
An Nvidia Vulnerability Has Been Found. It s Time to Update Your Drivers
Nvidia recently published a security bulletin alerting users that the GPUs in its GeForce, Quadro, and Tesla product lines are all affected by serious vulnerabilities. The vulnerabilities can impact local code execution and privilege escalation. They are in all versions of numerous driver tracks provided by the company for its hardware. Nvidia has issued new patched versions of all of its GeForce and many of its Quadro drivers, patches for some of its Quadro and Tesla drivers have not been released, and in some cases won t be ready for several weeks. IT managers can use their IT asset management software to locate unpatched systems and take the necessary action to update those systems.
Click here to read more
Microsoft: Russian State Hackers Are Using IoT Devices To Breach Enterprise Networks
A Russian state-sponsored hacking groups is attacking IoT devices to breach corporate networks. Microsoft noted that its staff spotted one group attempting "to compromise popular IoT devices across multiple customer locations." Microsoft said the group tried to exploit a VOIP phone, an office printer, and a video decoder. In its report Microsoft wrote that "The investigation uncovered that an actor had used these devices to gain initial access to corporate networks. In two of the cases, the passwords for the devices were deployed without changing the default manufacturer's passwords and in the third instance the latest security update had not been applied to the device." The company also said that these recent attacks include indicators of compromise (IoCs) such as IP addresses of the hackers command and control (C&C) servers, which organizations can block on their networks.
Click here to read more
Researchers Discover Troubling New Security Flaw in All Modern Intel Processors
BitDefender researcjers have discovered a significant security vulnerability in all modern Intel processors. The flaw can enable a hacker to access the computer s kernel memory, potentially provide ng access to highly sensitive information. The vulnerability affects all machines using Intel processors that support the SWAPGS system call. SWAPGS allows the processor to swap
between the kernel mode and user mode memory rings and is a component of the speculative execution features present in most modern processors. BitDefender has worked with Intel, Microsoft and the Linux Foundation to develop a fix that remedies the problem. The company advises users install the latest security patches from their operating system manufacturer with haste. It mangers can also install BitDefender Hypervisor Introspection, which guards against many chip-level attacks. A fully functional IT asset management system, such as the one supplied by xAssets, can be used to identify patched systems and to determine if the BitDefender Hypervisor Introspection software is installed.
Click here to read more
Popular Avaya Enterprise VoIP Phones Are Vulnerable To Hacking
McAfee researchers disclosed a serious remote code execution vulnerability in enterprise Avaya VoIP desk phones. The flaw enables hackers to gain full control of the devices, listen to calls and turn the phone into a spying device. The vulnerability is located in the DHCP service, which allows the devices to automatically obtain IP addresses on the network. Attackers can send maliciously modified DHCP responses to the devices, which do not require authentication. Firmware updates have been available since June 25 of this year.
Click here to read more
Be Cautious When Installing Free Apps from Google Play Store; Over 1,600 Bugs Found In Backend Systems
Cybersecurity researchers have identified over 1,600 vulnerabilities in the ecosystem supporting the 5,000 most popular free apps on the Google Play Store. Although the researchers from Georgia Institute of Technology and The Ohio State University studied only applications in the Google Play Store, some iOS apps may use the same backend systems. The vulnerabilities, affecting multiple app categories, could allow hackers to break into databases that include personal information and potentially into the devices themselves.
Click here to read more
Remote Code Execution Is Possible By Exploiting Flaws in Vxworks
Eleven zero-day vulnerabilities in WindRiver s VxWorks, a real-time OS, have been discovered by network security vendor Armis. The software is in use across an advertised 2 billion connected devices. Over half of the vulnerabilities could allow remote attackers to access unpatched systems without any user interaction, even if protected by a firewall. The vulnerabilities impact all devices running VxWorks version 6.5 and later. VxWorks 7,which was issued July 19 of this year, patches the flaws. Consequently, the attack windows may have been open for more than 13 years. Affected devices included SCADA controllers, patient monitors, MRI machines, VOIP phones and even network firewalls. Users in the medical and industrial fields should be particularly attentive about patching the software. IT managers can utilize their IT asset management tools to identify vulnerable devices..
Click here to read more
Unpatchable Security Flaw Found In Popular SoC Boards
Security researchers from F-Secure have discovered an unpatchable security flaw Xilinx s system-on-chip (SoC), multi-processor system-on-chip (MPSoC), and radio frequency system-on-chip (RFSoC) products. F-Secure said that the Encrypt Only secure boot mode of these SoCs contains two security flaws one of which cannot be patched using a software update, and requires "a new silicon revision" from the vendor. In a security advisory released following F-Secure's findings, Xilinx said it updated its technical manuals advising equipment vendors using Zynq UltraScale+ SoCs to use the stronger Hardware Root of Trust (HWRoT) secure boot mode instead of the weaker Encryption Only one. The company noted that "The HWRoT boot mode does authenticate the boot and partition headers." +
Click here to read more
Cybersecurity: This Trojan Malware Being Offered For Free Could Cause Hacking Spike
A new version of a powerful form of the NanoCore RAT (Remote Access Trojan) malware is being offered on the dark web for free. One cybersecurity company warned that it could lead to a rise in attacks targeting passwords, bank details and other personal information, even by crooks with limited technical skills. Discovered by security researchers at LMNTRIX Labs, NanoCore provides hackers with a variety of attacks against Windows systems, including password theft, keylogging and secretly recording audio and video footage using the system s webcam. NanoCore is distributed using email phishing attacks and is often designed to look like invoices or purchase orders with attachment names designed to get victims to click on an attachment.
Click here to read more
Cybersecurity Alert: 34% of Vulnerabilities Found This Year Remain Unpatched
Even though during the first half of 2019, there have been about 4,000 fewer entries in the common vulnerabilities and exploits (CVE) database, over 30% of the more than11,000 reported vulnerabilities remain unpatched. Nearly na quarter of all vulnerabilities originate from five companies: Software in the Public Interest (Debian and related platforms), SUSE, Oracle, IBM, and Microsoft. Given the proliferation of platforms from those organizations, it's reasonable to assume most organizations are affected by at least one of those vulnerabilities reported in 2019, and possibly by some that remain unpatched. The most common vulnerabilities, which account for more than half, are remote ones. Remote vulnerabilities occur over a network and are perpetrated by an attacker without prior access to a system. Along with remote vulnerabilities, context-dependent, local, and mobile exploits are included, but in far smaller percentages.
Click here to read more
BitDefender Confirms Security Flaw In Free Windows Antivirus 2020, Millions At Risk -- Update Now
Recently, researchers from the security firm SafeBreach revealed a critical security flaw in BitDefender's popular and latest free antivirus for Windows. The flaw allows hackers to entirely take over a user's computer. Peleg Hadar, one of the researchers, noted that" The vulnerability gives attackers the ability to load and execute malicious payloads using a signed service. This ability might be abused by an attacker, for example, to achieve Application Whitelisting Bypass for purposes such as execution and evasion." The vulnerability affects only the free product, not Antivirus Plus 2020 or GravityZone Security as they are different products. BitDefender has published a security advisory regarding the vulnerability as well as a patch to correct the flaw. It managers are urged to use their IT asset systems to identify unpatched systems.
Click here to read more
Do Self-Service and Low-Code Curb Shadow IT?
Shadow IT has typically been driven by two factors; impatience and a desire to go beyond IT-sanctioned technology. For years organizations have been trying to strike a balance between business unit effectiveness and enterprise risk management. Some of these efforts include department-specific IT budgets and the partial decentralization of IT. In 2017 Gartner estimated that shadow IT would account for nearly 40%of all technology purchases (go to https://www.gartner.com/smarterwithgartner/make-the-best-of-shadow-it/ ). The reality is the IT group can t completely eliminate shadow IT, but it can minimize its negative effects by working with the business units, providing self-service tools and using shadow IT asset management discovery tools.
Click here to read more
Industry News - Jul 2019
Don't Play the Victim: #HowTo Create a Ransomware Backup Plan
In today s computing environment there is no single defense against ransomware. Malware spreads like a virus as soon as makes contact with your network. Ransomware enables cyber-criminals to start encrypting files on start-up drives and quickly go to attacking data on shared networks. Firms need a multi-level backup strategy to ensure their mission critical data can t be held for ransom. Companies should start by inventorying and isolating their backup systems. Utilizing cloud storage as a backup storage solution is the ideal solution. As it is isolated from the main network and updated with the latest security policies, cloud storage is a secure, low cost and scalable defense. In addition to isolating the backup systems, regular data replication, ensures that backup data is current and available. A sensible approach is to maintain at least three copies of data, on two devices and with one copy offsite
Click here to read more
US Cyber Command Issues Alert About Hackers Exploiting Outlook Vulnerability
The US Cyber Command recently issued an alert about threat actors abusing an Outlook vulnerability to plant malware on government networks. It cites recent use of the CVE-2017-11774 vulnerability, which was patched by Microsoft in the October 2017 Patch Tuesday. The Outlook bug enables a threat actor to run malicious code on the underlying operating system The Cyber Command alert advises IT managers to insure all their Outlook systems are patched. IT managers can easily identify any vulnerable systems using the company s ITAM solution.
Click here to read more
Strengthening ITAM by Curing HAM
When compliance issues and software audits become a focus of attention it s easy to overlook the hardware aspects of IT asset management. However there are significant opportunities for cost savings and efficiency when IT Asset Managers practice good Hardware Asset Management (HAM). HAM best practices ensure an IT Asset Management (ITAM) program will be successful. Without HAM, Software Asset Management (SAM) could easily fail. Software can affect the hardware environment, just as hardware can affect what software should be licensed. Software purchases often require an assessment of the hardware assets in use. Taking HAM into consideration with SAM procedures will save money, improve efficiency, and result in improved overall ITAM operations.
Click here to read more
Oracle to Release Critical Patch Update
Oracle released its Critical Patch Update in mid-July, which included seven new fixes for the Oracle database server. The July Critical Patch Update consists of a collection of patches for multiple security vulnerabilities, including 322 new fixes. In its announcement Oracle stated that "Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible." IT managers can utilize ITAM resurces to identify patched and unpatched systems.
Click here to read more
Lenovo NAS Firmware Flaw Exposes Stored Data
Researchers from Vertical Structure and WhiteHat Security recently revealed that thousands of users of Lenovo network-attached storage devices are vulnerable to data compromise due to a firmware-level flaw. The flaw enables unauthenticated users to view and access data stored on the devices. To make matters worse it is trivially easy to exploit via the Application Programming Interface. An initial investigation uncovered over 5,000 of the devices exposed on the Internet exposing over 3 million files. The affected devices include several models of Iomega's StorCenter and LenovoEMC's series of NAS systems. Lenovo is no longer supporting or maintaining several of the impacted models as they have reached end-of-life status. IT managers can identify any affected devices using their ITAM toolset.
Click here to read more
If You Installed FaceApp, You Should Be Aware Of Its Privacy Policy
Users who downloaded FaceApp to predict what they will look like in old age may be upset to learn what they agreed to in the app s terms and conditions. In fact the content of the legal document is exceedingly vague. It gives the publisher rights to use the likeness, name and username of the users for any purpose. By accepting the agreement they consent to those terms forever, even if they delete the 9information. As FaceApp was developed in Russia, some speculate the app could be used to build a database of photorealistic avatars that could result in a far more convincing fake profiles on social media.
Click here to read more
CCPA/ GDPR Compliance
Many firms are working to insure their company is compliant with the California Consumer Privacy Act (CCPA) , which become effective in January of 2010. CCPA established California consumer rights including personal data request, erasures and opt-outs from organizations that store their personal information. The scope of this regulation impacts any company that stores personal data of California consumers. The act also sets a new standard for data security, requiring IoT devices transmitting or storing personal information to be encrypted to prevent data breaches. Without an efficient way of managing and locating data carrying IoT devices well compliance with CCPA can be a daunting task for organizations with thousands of IT assets.
Click here to read more
Software Licensing: Changing Terminology without Changing the Lingo
As the software business changes software asset managers need to remain current with the ever changing terms and conditions of software licenses. As the licensing models evolved terminology that may be used for more than one purpose had also evolved. One example is the word subscription. When subscription licensing first came on the scene, it was straightforward. Licensees paid an annual, fixed term, to use the software. Subscription is now being used in conjunction with maintenance agreements, and the term subscription support, or subscription maintenance has come about. However, as the terms do not have a common meaning. software asset managers must know exactly what is being offered with these new terms
Click here to read more
Office 365 Declared Illegal In German Schools Due To Privacy Risks
The German state of Hesse recently ruled that its schools may not legally use the Office 365 cloud product. Although the press release specifically targets Office 365, it also notes that Apple and Google cloud suites also do not satisfy German privacy regulations for use in schools. It does appear that the the Hessian commissioner for Data Protection and Freedom of Information (HBDI) would rather not ditch Office outright, but wants to pressure Microsoft into compliance with German law. The HDMI specified the conditions under which schools could continue to use and that the contents of Windows 10 and Office 365 telemetry be revealed in full. Until those conditions are met, HBDI says, "schools can use other tools such as on-premise licenses on local systems."
Click here to read more
This New Android Ransomware Infects You Through SMS Messages
Researchers recently discovered a strain of ransomware that attacks Android mobile operating system utilizing SMS messages. Named Filecoder, the malware has been active since early July of 2019. It is being spread through malicious posts in online forums that include Reddit and the Android developer messaging board XDA Developers. The majority of the malicious posts attempt to entice victims to download the malware by associating it with pornographic material and disguising domains with bit.ly links. Once installed Filecoder raids the victim's contact list and sends text messages to every entry. The link is advertised as a photo app but it is actually a malicious app harboring the ransomware.
Click here to read more
Industry News - Jun 2019
How the Energy Sector Can Defend Against DoS Attacks
According to the Department of Energy, in March 2019, an energy company that provides power to customers in three western U.S. states was hit with an extended denial of service cyber-attack. Although the attack did not cause service interruptions to customers, it did impact electrical system operations for nearly half a day. That event was caused by a known vulnerability and could have been prevented by installing a previously published software update. This case illustrates the vital importance of basic blocking-and-tackling security measures such as patching, in preventing DoS attacks. A comprehensive IT asset management program can be used to easily identify vulnerable systems and unpatched software.
Click here to read more
Cybersecurity: One In Three Breaches Are Caused By Unpatched Vulnerabilities
IT security professionals admit that a third of all data breaches are the result of vulnerabilities that they should have already patched. Software vendors are constantly publishing new patches to fix problems in their software; however, the users must apply the patches. Failure to do so opens them to attack via the backdoors that the vendors have patched. Finding the systems that need to be patched can be a challenge - nearly 60% of respondents indicated they can detect new hardware and software on their network within hours. But for the rest, it's a difficult manual effort for many, with nearly 40% saying less than half of their assets are discovered automatically. A fully functional IT asset management solution can be a key factor in managing the patching process and curing known vulnerabilities.
Click here to read more
NSA Warns Microsoft Windows Users of Cyber-Attack Risk
US officials at the National Security Agency (NSA) and Microsoft executives have warned that older versions of the programs may be vulnerable to malware. NSA officials indicated that a flaw known as "BlueKeep" exists in older editions of Microsoft Windows. Microsoft echoed the advisory saying that some older versions of Windows" could be vulnerable to cyber-attacks. The company urged those customers to update as soon as possible." The "BlueKeep" flaw can leave computers vulnerable to infection by viruses through automated attacks or by the downloading of malicious attachments. Firms still running Windows 7 systems can identify vulnerable systems using their IT asset management tools.
Click here to read more
The Case Against Knee-Jerk Installation Of Windows Patches
Every computer system needs to get patched eventually, but maybe not immediately. There are highly unusual patches, for example, patches for EternalBlue/WannaCry and BlueKeep, that should be applied right after they re released. However, in the vast majority of cases, waiting a week or two or three to install the latest crop of Windows and Office patches makes sense. Except for patches aimed at fixing sever vulnerabilities, IT managers who waited 1-3 weeks to install the latest patches weren t impacted. Few just-patched security holes turned into genuine mass-market malware in a matter of weeks. Conversely, hundreds of recent patches have brought down some Windows machines.
Click here to read more
5 Software License Purchasing Best Practices
Software license management can be a difficult job. Most firms have multiple software license types and extensive dispersion that govern their use of the code. It is critical that the Software Asset Manager (SAM) be able to collect and utilize information in a way that creates value and efficiency for the company. Following is a collection of best practices for purchasing software licenses:
1. Take Inventory co-locate the company s licenses in a centralized location
2. Maintain Proof of Purchase (POP) records the company must be able to prove its right to use the software
3. Track Usage knowing what licenses are in use and which are not has multiple benefits
4. Update updates help tailor the amount and type of licenses to best meet the company s needs
5. Self-Audit conducting a self-audit for compliance has multiple benefits.
Click here to read more
How Proper IT Asset Management Allows for Proper Decision Making
In too many cases IT asset or equipment management has been an afterthought in the purchase/lease decision. In reality, it should be placed at the forefront of all IT purchase decisions. A strong ITAM program is essential to a leasing program. Firms should develop a cost/benefit analysis comparing leasing and purchasing options. This effort should include the total lifetime cost of those assets, payment structure, frequency, tax benefits, life expectancy, remarketing and redeployment of retired assets, which are all part of an ITAM framework. It is important to determine if the software licenses are included in the lease program or if they are in addition for these programs and services. Lastly, consider if the maintenance program meets the organizational needs. Do the assets include a standard manufacturer s warranty or must the firm purchase a services warranty from the lessor?
Click here to read more
ITAM Policy Compliance in the Workplace
The employee handbook, AKA the employee manual or company policy manual, is used by almost every major organization. They typically cover all regulations governing employee behavior. However, few include policies regarding use of the organization s IT assets. IT asset managers can, and should, have input on the document. Examples of what ITAM-related terms could be made part of the document include:
a. employees should not install software on the organization s computers
b. employees should not use or install rogue assets
c. employees should go through a request process with the Help Desk and ITAM department to obtain required software or hardware.
Lack of clear ITAM-related regulations can lead to security breaches, new vulnerabilities and the risk of failing a software audit.
Click here to read more
76% of Mobile Apps Have Flaws Allowing Hackers to Steal Passwords, Money, and Texts
According to a recent report issued by Positive Technologies' Vulnerabilities, both Android and iOS mobile apps contain high-risk vulnerabilities. The report noted that Android devices are slightly more at risk (43% vs. 38%) than their iOS counterparts. Over 75% of all apps contain an insecure data storage vulnerability which can enable hackers to steal sensitive information stored on the device. Nearly 90% of the discovered vulnerabilities could be exploited by malware. Firms can mitigate the risks by enforcing an approved app list for devices used in the workplace and by using their ITAM solution to scan all devices used on the network.
Click here to read more
Hackers Are Poking at a MacOS Flaw Apple Left Unfixed
A recently discovered vulnerability in Apple s MacOS Gatekeeper software could allow malware to be installed on a system undetected. Gatekeeper scans apps that are downloaded from outside of Apple s App Store to determine if they ve been code-signed. An app is code-signed to ensure that its software comes from the developer it claims to and that it hasn t been tampered with. Gatekeeper also maintains a blacklist of identified malware. However, Gatekeeper doesn t treat all files equally, and it considers applications whose origins are from external drives or shared over a network, as safe. Consequently, if you can convince a user into opening a file with a symbolic link to a Network File System, the hacker can insert malware onto the victim s system without Gatekeeper intercepting the download.
Click here to read more
Industry News - May 2019
50,000 Companies Exposed To Hacks of 'Business Critical' SAP Systems: Researchers
Security researchers recently discovered new ways to exploit vulnerabilities of SAP systems that haven t been properly protected. They published the tools to protect those systems. Up to 50,000 companies running SAP software are at risk of being hacked. SAP said it issued guidance in 2009 and 2013 on how to correctly configure the security settings. However, data compiled by the security researchers at Onapsis indicates that 90% of affected SAP systems have not been properly protected. Onapsis Chief Executive, Mariano Nunez, said that Basically, a company can be brought to a halt in a matter of seconds. With these exploits, a hacker could steal anything that sits on a company s SAP system and also modify any information there so he can perform financial fraud, withdraw money, or just plainly sabotage and disrupt the systems. SAP stated that it always strongly recommends that customers install security fixes as they are released. IT managers can use their ITAM solutions to locate unpatched systems.
Click here to read more
Cisco Issues Critical Security Warning For Nexus Data-Center Switches
Cisco recently issued 40 security advisories however only one of them was deemed critical. That vulnerability is in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode data-center switch and could enable an attacker to secretly access system resources.
The vulnerability has a Common Vulnerability Scoring System importance of 9.8 out of 10. It involves a problem with Secure Shell (SSH) key-management that allows a hacker to connect to the affected system with the privileges of a root user. The vulnerability affects Nexus 9000s running a Cisco NX-OS software release prior to 14.1. Cisco noted that there were no workarounds to address the problem and has released a free software update that addresses the vulnerability. IT managers can utilize their IT asset management solutions to locate switches without the software fix.
Click here to read more
Measure for Success: The Four Guideposts for ITAM Processes
Peter Drucker coined the phrase, You can t manage what you can t measure . This philosophy extends to the management of ITAM processes. Effective ITAM processes must meet stakeholder requirements while including components needed to manage the process. Utilizing checkpoints that test the function, quality, efficiency and risk of the process are the four key components that ITAM professionals need to construct, to ensure sound ITAM processes that can be measured.
Click here to read more
Building A SAM Program: Update Existing Or Rip & Replace ?
Developing a Software Asset Management (SAM) program or organization would seem to be a straightforward and simple process. Every IT operation has a framework for the who , what , where , when , why and how of SAM. There is even an ISO standard (ISO 19770) that describes this framework and provides a roadmap for SAM organizations. However, the reality of SAM is that the process cannot be developed in a vacuum. Building a SAM operation from scratch based on the ISO 19770 standard and framework would be a great approach if the SAM program was being developed and deployed as the company was being established. However, because SAM supports the broader corporate structure, it must be integrated within defined and existing organizational processes and procedures. SAM is not a standalone function but acts as a provider of data and information critical to many facets of the organization, including finance, risk management, IT security, development, procurement, human resources and many more.
Click here to read more
Enterprise It Asset Management (ITAM)
As the Information Technology (IT) industry rapidly evolves it is critical that organizations maintain their ongoing efforts to manage the entire spectrum of their IT assets. This includes desktop PCs, laptops, software licenses, phones, servers, printers, routers and switches. An effective enterprise ITAM program provides a multitude of business benefits. They include, but not limited to, enforcing compliance, mitigating risks, increasing the ROI on IT assets, securing information, reducing costs, supporting business continuity, enabling growth, and protecting the integrity of the organization s brand. An investment in ITAM truly pays for itself. An automated ITAM solution with a short time-to-value can produce measurable benefits even in the short term.
Click here to read more
WhatsApp Has Exposed Phones to Israeli Spyware -- Update Your Apps Now
WhatsApp identified a major cyber-security breach that enables Spyware to be installed on phones through voice calls. The vulnerability affects both iPhone and Android devices. The malicious code is transmitted even if a user does not answer an infected call. WhatsApp engineers have been working to patch the vulnerability and the company has recently deployed a fix to servers and to customers. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Click here to read more
Prevent a Worm by Updating Remote Desktop Services (CVE-2019-0708)
Microsoft recently released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services. The vulnerability affects older versions of Windows. This vulnerability is wormable. That means that any future Malware that exploits this vulnerability could propagate among vulnerable computers in the same way that the WannaCry Malware spread in 2017. It is critical that affected systems are patched as quickly as possible to prevent such a scenario from occurring. Microsoft is providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows. IT managers are encouraged to use their IT asset management solutions to identify affected systems.
Click here to read more
Coming To Windows 10: More Browsers, Not Fewer
According to a company program manager, Microsoft will continue to include Internet Explorer 11 (IE11) and the original Edge with Windows 10. However, Fred Pullen, a principal program manager on the Edge team, stated that "Our guidance for years has been as you upgrade your web applications to modern standards, you can alleviate yourself of the dependency on Internet Explorer. When we introduced Windows 10, our suggestion to customers was to standardize on Microsoft Edge using EdgeHTML as your modern browser and fallback to IE11 as needed just for backward compatibility." In that fallback option, the IT group would need to create an Enterprise Mode Site List of URLs to apps and sites that required some of those IE compatibility modes, or IE-associated technologies that Edge didn't support. IT could also instruct every intranet site to open in IE11.
Click here to read more
Consumer IoT Devices Are Compromising Enterprise Networks
According to a new report, employee-owned Internet of Things (IoT) devices are proliferating within enterprise networks, exposing organizations to a wide range of attacks. The study found 270 different IoT device profiles from 153 different IoT manufacturers. In the aggregate, these devices handled over 55 million device transactions in a single month. Nearly all of the IoT transactions were conducted over a plaintext channel. Less than a fifth of IoT devices use SSL exclusively to communicate in enterprise settings. The IoT proliferation is just another cycle of the BYOD challenges that security teams were first forced to face a decade ago. The security risk posed by IoT devices underscores the need for IT professionals to have an ongoing awareness of what devices are connected to the network.
Click here to read more
To read the entire report go to: https://www.zscaler.com/resources/industry-reports/IoT-in-the-enterprise-2019.pdf
Structural Integrity: Quantifying Risk with Security Measurement
An effective method for measuring security metrics is the Goal-Question-Metric approach. It starts with a goal for the security program, then determines what questions need to be addressed to achieve the stated goal and then determines what metrics would answer those questions. The author relates that a key set of questions includes: a) What type of devices are on the network? b) Where does the sensitive data reside? And c) Who has access to the sensitive data? The metrics to answer these questions include: a) the number and type of devices on the network, b) the OS and distribution of devices on the network, c) the number and type of approved applications on workstations, d) the number and type of devices up-to-date on OS patches and e) the number of devices up-to-date on application patches. Clearly an effective IT asset management tool can assister in answering the critical questions related to measuring a firm s security readiness.
Click here to read more
.
Industry News - Apr 2019
Cisco Warns of Two Security Patches That Don t Work, Issues 17 New Ones for IOS flaws
Cisco has issued 17 security advisories involving 19 vulnerabilities in its IOS and IOS/XE software, which runs most of its routers and switches. The company also advised users that two patches for its RV320 and RV325 Dual Gigabit WAN VPN Routers that were issued earlier are incomplete and will be redone and reissued. Cisco rates both those router vulnerabilities as High. One vulnerability is due to improper validation of user-supplied input. If left unpatched an attacker could send malicious HTTP POST requests to the web-based management interface of an affected device. The attacker could then execute arbitrary commands on the underlying Linux shell as root. The second exposure is due to improper access controls for URLs, allowing. an attacker to connect to an affected device via HTTP or HTTPS and request specific URLs, allowing the attacker to download the router configuration or detailed diagnostic information.
Cisco said firmware updates that address these vulnerabilities are not available and no workarounds exist, but is working on a complete fix for both.
Click here to read more
Gustuff Malware Can Steal from Banking Apps, Then Spread via Contact Lists
Research from security firm Group-IB has identified a new type of malware affecting Android devices that is capable of stealing credentials and initiating bank transactions for more than 100 banks and 32 virtual currency apps. The malware, dubbed Gustuff, targets top international banks including Bank of America, Wells Fargo, Chase, Capital One, among others. It can also steal from cryptocurrency apps such as Bitcoin Wallet and Coinbase. In addition Gustuff can phish usernames and passwords from PayPal, Western Union, Walmart, eBay and WhatsApp.
Gustuff infects victims using a text message, convincing them to provide access to the Android Accessibility function which enables Android phones to take action by default. Once installed, Gustuff can siphon funds from payment software called Automatic Transfer Service.
Click here to read more
Kaspersky Lab Will Warn You If Your Phone Is Infected With Stalkerware
Kaspersky Lab recently announced that it would start flagging stalkerware as malicious software. Users of its Android app will be warned when stalkerware is detected on their phones and be given the option to delete them. When stalkerware is installed on mobile devices it accesses personal data including GPS location, text messages, photos and microphone feeds. Last year Kaspersky Lab found stalkerware on over 58,000 mobile devices. The protection is available on Android devices, because stalkerware isn't as prevalent on iOS devices. Symantec s, Norton also blocks spyware and stalkerware. The Norton software flags instances when location information is being sent from apps.
Click here to read more
Companies See Broader Benefits From GDPR Compliance
The mandates established for IT operations in the European Union's Global Data Protection Regulation provide an opportunity for companies to better understand their IT infrastructure while, improving their data security efforts. It also helps them to prepare for any privacy regulations that may be enacted in the U.S. Companies that have invested in GDPR compliance are finding that the benefits from those investments go beyond mere compliance with to include a range of other IT asset management benefits.
Click here to read more
Health Care s Huge Cybersecurity Problem
The health care industry relies heavily on technology that s connected to the internet. However, those technologies are often vulnerable to cyberattacks. Moreover, the technologies inside of hospitals vary widely. Some devices are new, but others are legacy devices or run on old software with gaping security holes. What s more, experts say that hospitals often don t know what systems run on the devices that they use every day. Christian Dameff, cybersecurity researcher and informatics fellow at the University of California San Diego Health noted that These devices are often black boxes to hospitals. That s not that hospitals do not pay any attention to their computing systems, but data security practices in place in hospitals usually prioritize protecting patient privacy. As health care organizations can be fined under HIPPA for exposing patient data they may ignore the fact that devices that do not have patient health info can be vulnerable to cyber-attacks. A robust and flexible IT asset management system could help hospital IT managers better understand the entire network
Click here to read more
Gov t Warns On VPN Security Bug in Cisco, Palo Alto, F5, Pulse Software
The Department of Homeland Security has issued a security warning involving Cisco, Palo Alto, F5 and Pulse VPN. DHS warns that some packages may improperly secure tokens and cookies, thus allowing hackers an opening to invade and take control over an end user s system. Carnegie Mellon's CERT also reported that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. F5 said it was aware of both vulnerabilities and has issued advisories for both CVE-2013-6024and CVE-2017-6139. CVE-2017-6139 has been fixed in BIG-IP 12.1.3, 13.1.0 and 13.0.1.Pulse Secure noted that it had already fixed this vulnerability in the latest Pulse Desktop Client and Network Connect product. Pulse issued a related Security Advisory to disclose this to the public - Security Advisory SA44114. CERT said it is unaware of any patches at the time of publishing for Cisco AnyConnect. IT managers can use their IT asset management tools to identify patched and unpatched systems.
Click here to read more
A Strong SAM Program is an IT Asset Manager s Best Friend
An IT Asset Management (ITAM) solution and a comprehensive software asset management (SAM) program is essential to a firm s bottom line. SAM is more than just counting software suites. A good SAM program helps IT management correctly evaluate how much software the organization needs. With the SAM program in place, the organization acquires only the right amount of software. SAM program also provide a tool for avoiding non-compliance fines. Without a good SAM program, the value of an ITAM-only program can be negated by the cost of an audit. SAM programs give IT Asset Managers the right amount of control over software assets to help organizations derive the most value from their IT budgets.
Click here to read more
Kaspersky: 70 Percent of Attacks Now Target Office Vulnerabilities
According to information collected by Kaspersky Lab, Microsoft Office products are the top target for hackers. The company recently reported that almost 70 percent of the attacks its products have detected in the last 3 months of 2018 tried to leverage a known Microsoft Office vulnerability. In contrast, in Q4 2016 Office vulnerabilities accounted for just over 15 percent of all attacks. The company noted that "An interesting side note, none of the top most exploited vulnerabilities are in MS Office itself. Rather, the vulnerabilities exist in related components."
For example, two of the most exploited vulnerabilities, CVE-2017-11882 and CVE-2018-0802, impact Office's legacy Equation Editor. To mitigate risks associated wit MS Office, IT managers can utilize their IT asset management toolset to identify vulnerable devices and unpatched software.
Click here to read more
Microsoft Targeted by 8 of 10 Top Vulnerabilities in 2018
Recorded Future published an analysis that focused on an exploit kits, phishing attacks, or remote access trojan co-occurrences that leveraged a known vulnerability for the year 2018. The firm analyzed thousands of sources, including code repositories, deep web forum postings, and dark web sites. The intended audience includes information security practitioners, especially those supporting vulnerability risk assessments. The report noted that Many vulnerability management practitioners face the daunting task of prioritizing vulnerabilities without adequate insight into which vulnerabilities are actively exploited by cybercriminals. The report outlined the top 10 vulnerabilities from 2018. It is important that IT professionals can identify those vulnerabilities that impact a company s technology infrastructure and are used in exploit kits, to distribute a remote access trojan (RAT), or which are used in phishing attacks.
A comprehensive IT asset and software inventory can help identify vulnerable devices and programs. The complete repot can be downloaded by accessing the URL shown below.
Click here to read more
Cyber Readiness Worsens as Attacks Soar
According to a recent report from Hiscox, the number of companies in Europe and the United States that were victims of a cyber-attack over the past 12 months has increased over 60%.
The Hiscox Cyber Readiness Report 2019, which was is compiled from interviews with over 5300 cybersecurity professionals in the US and the E.U. revealed a 45% increase over the number of firms suffering an attack in the 2018 report. Average losses were also up over 60%: from nearly $230,000 last year to just under $370,000 in 2019. Losses at large firms neared $700,000, compared to$162,000 in 2018. Companies can use their IT asset management tools to identify vulnerabilities before an attack occurs and reduce the probability of a successful attack.
Click here to read more
How SMBs Can Better Protect Their Business and Customer Data
Business owners need to protect their data and their customer information. A single data breach can cause their customers to lose their trust in the company and business will suffer as a result. By following certain best practices, firms can secure their data to make it less vulnerable. The National Cyber Security Alliance and the Better Business Bureau recommend that firms update their systems and software and insure that computers, devices, and software have the latest security updates and patches. An IT asset solution is a key part of identifying vulnerable assets or unpatched software.
Click here to read more
Over Two Million IoT Devices Vulnerable Because Of P2P Component Flaws
Over two million IoT devices come equipped with a vulnerable P2P firmware component that enables hackers to locate and control those systems. Vulnerable devices include IP cameras, baby monitors, smart doorbells, DVRs, and similar systems sold by a number of firms. All of the affected devices use iLnkP2P, a firmware component that enables the device to communicate with the vendors' servers using the P2P (peer-to-peer) protocol. Security researcher Paul Marrapese identified two vulnerabilities in this component. They are tracked under the CVE-2019-11219 and CVE-2019-11220 identifiers. The first vulnerability "allows attackers to rapidly discover devices that are online," and the second "allows attackers to intercept connections to devices and perform man-in-the-middle attacks" and "to steal the password to a device and take control of it."
Click here to read more
Tech Manufacturers in the Crosshairs
Cyberattacks are no longer a passing concern for technology manufacturing companies. The number of cyberattacks is increasing as smart machines replace legacy equipment. The Chubb Cyber Index reports that ransomware attacks against manufacturers exceed similar attacks against all other industry segments. Verizon s 2018 Data Breach Industry Report indicated that data breaches affecting manufacturers had also increased. However, despite the risks posed, the advantages of the Industrial Internet of Things (IIoT) have become an integral part of efficient production methods. As such, technology manufacturers must improve the security of the connections between their OT systems and IT systems to prevent unauthorized network intrusions. The first step in this process is to perform a technology audit of the IT and OT systems to identify those assets that are connected to the network. For example, often old printers are connected to the network. With the IT and OT systems are also on that same network, a hacker can potentially leverage the printer s obsolete operating system to gain entry onto the network. by the National Institutes of Standards and Technology (NIST) has issued cybersecurity standards, guidelines and best practices of a certified framework for such audits. A working IT asset management toolset can expedite these audits and provide an ongoing view of the entire network.
Click here to read more
The Gathering Storm SAM in the Age of the Cloud
Traditional licensing SAM tools have focused on governance, compliance and managing licenses as assets owned by the business. SaaS subscription management is similar to inventory or stock management. Managing cloud-based software must ensure that the company is paying for only what being used and reducing costs where possible. Effective SaaS inventory management consists of three main components: forecasting analysis, optimizing procurement and Inventory control. This article provides a detailed description of each of these functions as they relate to SaaS software management.
Click here to read more
Industry News - Mar 2019
Machine Learning in ITAM Tools
With artificial intelligence (AI) initiatives taking center stage at many organizations, the question for IT Asset Managers is what will AI mean for ITAM? Benefits relating to IT asset management may be on the horizon. As machine learning, a form of AI, uses statistical models that perform a function without interaction with a human. Instead it relies on inferring information from observed or recorded patterns, absorbing information and extrapolating the correct actions. If ITAM tools utilized machine learning they could conceivably automatically predict the total cost of ownership, amount of risk and if an asset should be leased or purchased. Software license compliance, the risk of an audit and the amount of Shelfware could also be automatically analyzed. The AI of the future will only make IT asset management more effective.
Click here to read more
Verizon Warns Enterprises About Internal Security Threats
According to Verizon s 2018 Data Breach Investigations Report, nearly a quarter of cybersecurity incidents and almost twenty percent of data breaches were caused by from people within an organization. The report identified five categories of inside threat actors, including the Careless Worker, the Inside Agent, Disgruntled Employee, the Malicious Insider, and the Feckless Third Party.
With external attacks, it can take months for organizations to detect intrusions, however as insiders have fewer barriers to overcome the time it takes to detect a breach can be much longer.
Click here to read more
Windows 10 closes in on Microsoft s 1 Billion Device Goal
Microsoft recently announced that Windows 10 is now running on 800 million devices worldwide, Microsoft has announced. That number indicates that means Windows 10 is the most popular desktop operating system in the world, however it represents fewer users that Microsoft s original goal one billion devices within three years of its release. According to Net Applications, Windows 10 is currently installed on just over 40 percent of PCs, with Windows 7 with a share of around 38.5 percent. Companies with mixed Windows OS environments can use their ITAM tools to plan an efficient migration to Windows 10 before Windows 7 is no,longer supported.
Click here to read more
Senate Report Highlights Equifax Neglect Before Data Breach
A bipartisan Senate subcommittee on Equifax Inc. s years-long failure to prioritize cybersecurity left the company vulnerable to a data breach that exposed more than 145 million Americans personal information. The Senate audit revealed that, as of 2015, Equifax did not have a complete IT asset inventory or accurate network documentation. The risk of not having this inventory makes it difficult to ensure systems are patched in a timely manner and are being regularly scanned for security vulnerabilities. Moreover, the report stated that Equifax didn t have a written policy on patching known vulnerabilities until 2015. An internal audit that year found a backlog of vulnerabilities that were yet to be patched. The patching issues remained before the 2017 breach, the report said.
Click here to read more
Microsoft: Windows 10 Can Now Automatically Uninstall Buggy Updates
Microsoft has a cure for to automatically downloaded Windows 10 updates that aren't compatible with the device on which they are installed. Windows 10 can now remove "problematic updates" without any user interaction. The feature addresses updates with severe incompatibility issues, especially those that prevent a Windows 10 PC from starting up. According to Microsoft, If a Windows 10 device has a startup failure after installing certain updates, the device will display the following: "We removed some recently installed updates to recover your device from a startup failure."
Click here to read more
'100 Unique Exploits and Counting' for Latest WinRAR Security Bug
A vulnerability that impacts all the WinRAR versions released in nearly the last 20 years has recently become a popular exploit for malware distributors. WinRAR is a downloaded Windows data compression tool that focuses on the RAR and ZIP data compression formats for all Windows users. Several campaigns have been identified whereby cyber-criminal groups and/or nation-state hackers attempted to exploit the WinRAR vulnerability to install malware on their targets devices. Using the vulnerability an attacker can create booby-trapped archives that when unpacked with the WinRAR app will install malicious files anywhere on users' systems. IT managers are reminded to use their IT asset management tools to identify unpatched devices that may still harbor vulnerabilities.
Click here to read more
Microsoft Warns Windows 7 Users of Looming End To Security Updates
Starting April 18 Microsoft will begin warning Windows 7 users that security updates will come to an end on January 14, 2020. Microsoft will stop issuing Windows 7 security updates as part of its ongoing effort to move to its latest software, which provides an improved security foundation and improvements to mitigate cyberattacks attacks. According to Net Applications, Windows 7 is still in use in 40 percent of the desktop market. Enterprise customers will have the option to pay for extended security updates until 2023. Windows 7 s successor, Windows 8, will continue to receive updates until January 10, 2023. IT managers can use their IT asset management tools to identify all the Windows 7 devices on their networks.
Click here to read more
Zero-Day in WordPress SMTP Plugin Abused By Two Hacker Groups
Two cyber-security companies have discovered attacks leveraging a zero-day vulnerability in "Easy WP SMTP," a WordPress plugin with over 300,000 active installs. Hacker groups have were using the vulnerability to hijack traffic from the affected sites. The problem was reported to the plugin's author and was patched on Sunday, March 17, in release of v1.3.9.1. Attacks continued throughout the week, with hackers trying to take over as many sites as they could before site owners applied the patch. IT managers can use their ITAM tools to identify unpatched devices.
Click here to read more
Would You Quit Your Job Over Bad Software? 24% of Employees Have Considered It
Companies spend nearly $1.5 trillion a year on business software and related IT services. However, according to a recent report from G2, many staffers are either unaware of or unhappy with the provided software tools. The G2 reported that almost 60% of employees either cannot name all the software platforms and tools in their department, or do not know how many software tools are in use. The report also found that over 4% of respondents said they use more than 50 software platforms while nearly 6% use more than 20, but f employees have any influence on software decisions. IT managers can use their IT asset management tools to determine what software goes unused to manage their software budgets more effectively
Click here to read more
Industry News - Feb 2019
Microsoft to End IE10 Support Years Early, Tells Enterprises to Upgrade to IE11
Microsoft notified the remaining users of Internet Explorer 10 (IE10) that it would end support three years earlier than promised. The company will cease distributing security updates for the browser in January 2020. IE10 was scheduled to receive security updates until October of 2023, which would coincide with the retirement date for Windows Server 2012. In a statement the company said that "Starting in the spring of 2019, commercial customers running Windows Server 2012 and Windows Embedded 8 Standard can begin using IE11 in their test environments or pilot rings. You will have until January 2020 to complete the transition from IE10 to IE11. After this, we will not release any security or non-security updates, free or paid assisted support options, or online technical content changes for IE10." Licensees are encouraged ti use their IT asset management tool to identify those systems and networks that will need to be upgraded to IE11.
Click here to read more
Communicating the Importance of ITAM
In many organizations, IT Asset Management is rarely recognized as a core business practice. Consequently, IT Asset Managers need to do most of the work involved in convincing executives to recognize the business value of ITAM. This effort involves negotiation skills to argue for the program acceptance, funding and resources that are all part of implementing best practices. Therefore, before even starting, implementing and growing the ITAM Program, there must be communication with, and approval from, the executives of the organization. This article explores several effective steps and methodologies for communicating with C suite executives.
Click here to read more
How Can You Save Costs On Support And Maintenance?
Maintenance and support costs constitute a substantial source of revenue for software publishers and are often a significant component of corporate software budgets. Support and maintenance typically include the license rights to new product features, updates, bug fixes and phone, web-based or even on-site support. Maintenance and support fees are typically priced to be about twenty percent of the total license fees. These fees are rarely discounted and many software publishers have strict clauses on how the end users can terminate support. This article provides some guidance on how to limit and manage those maintenance and support fees.
Click here to read more
How to Avoid Ransomware and Avoid Damaging Your Business
Statistics indicate the almost half of all ransomware attaches of all attacks target small businesses and that over half of small businesses that suffer an attack are out of business within six months following the event. Clearly, business must take precautions to protect their business and their customers data. Some suggestions include assessing the company s vulnerability and remediating potential vulnerabilities, using an fully-capable anti-virus software and performing a full software and hardware inventory to identify unpatched and obsolete software and hardware configurations.
Click here to read more
The Secret to Comprehensive, Scalable, and Effective Cybersecurity
Forbes Magazine recently reported on key features that are essential for effective cybersecurity. The article notes that One of the simplest truths of cybersecurity is that you can t protect what you can t see. Without an accurate inventory of every asset and service connected to the network, it s not possible to discover vulnerabilities, identify configuration or other security issues, or detect suspicious or malicious activity on them. The article goes on to say that IT team members need to comprehend the exposure of assets and the potential security or compliance impact in order to prioritize risk and allocate scarce resources.
Click here to read more
Windows 7 Add-On Support To Cost Up To $350 per PC For 3 More Years Of Patches
Computerworld recently reported that Microsoft will charge companies up to $350 per Windows 7 PC for continued OS security updates after Windows 7 is officially retired next January. According to a Microsoft announcement in September 2018, "Windows 7 Extended Security Updates" (ESU will add security support through January 2023. IT managers can use their ITAM tools to identify those systems currently running Windows 7 to plan for ESU costs or migrate to windows 10 ahead of the January date.
Click here to read more
4 Ways Your Company Can Avoid A Data Breach
Citing a report from Balbix and the Ponemon Institute, and complementing the above referenced Forbes article TechRepublic listed for ways organizations can protect against cyber threats. First on the list od re34commended actions was to discover all exiting IT assets and identify known vulnerabilities. TechRepublic noted that Organizations must uncover all internal, cloud, and third-party IT assets that touch their network and could act as an entry point for cybercriminals. This includes servers, applications, managed IT infrastructure, and cloud assets, but also BYOD, Internet of Things (IoT) devices, industrial control systems (ICS), and third-party assets from other business partners. This key action is only possible with a fully functional IT basset management solution in place.
Click here to read more
One in Three Enterprises Can t Protect Themselves From Data Breaches
According to a recent survey conducted by Balbix in conjunction with the Ponemon Institute, one third of the respondents do not believe they have the capabilities required to fend off a cyberattack or prevent a data breach. The survey results indicate that vulnerability patch management and a lack of skilled staff required to manage even basic bug resolution procedures are the main barriers to preventing data breaches. In fact, only 15 percent of the individuals surveyed believed their patching efforts were "highly effective." An effective IT assert management tools can identify unpatched systems, or systems running vulnerable software, making the patching process more efficient.
Click here to read more
How Companies Overspend Millions on IT Procurement
Overspending on IT is a common phenomenon for large organizations. Without a comprehensive IT asset and software asset inventory companies can buy too much or make duplicate purchases. Companies can take several simple steps to limit duplicates and overspending. They include using an IT asset management tool to create accurate and current inventory reports and to identify unused hardware and software. Without a clear understanding of what is on hand overspending on IT will continue.
Click here to read more
Cisco: Patch Routers Now Against Massive 9.8/10-Severity Security Hole
Cisco is urging customers using its wireless VPN and firewall routers to install updates immediately. The company has discovered a critical flaw that enables remote attackers to break into a network. If he vulnerability is not patched, any attacker with any browser can execute code of their choice using the web interface that manages the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. The bug has been tagged as CVE-2019-1663and has a severity score of 9.8 out of a possible 10 under the Common Vulnerability Scoring System (CVSS). IT managers can use their IT asset management tools to identify affected routers, facilitating the patching process.
Click here to read more
Industry News - Jan 2019
Android Messages Automatic Spam Protection Has Started Rolling Out
Google has begun making automatic spam protection within the default Android Messages app available to some users. After displaying a notification informing the user that the feature has been enabled, the app will begin analyzing received messages to detect and proactively block spam messages. Google said that the new feature is currently being released gradually in a few countries, and will make it more widely available in the coming months. Google downplayed privacy concerns regarding the way that the feature tracks and stores details about the messages sent noting that Google temporarily stores the phone numbers of people sending and receiving messages with you and the times they messaged with you, but does not store your phone number or the content of these messages.
Click here to read more
Google s Fuchsia OS Confirmed to Have Android App Support via Android Runtime
Google s upcoming operating system, Fuchsia, will employ a specially designed version of the Android Runtime (ART) to run Android applications. This version of ART will be installable on any Fuchsia device using a .far file, which is the equivalent of Android s APK. However, it is not clear exactly how Fuchsia will use the Android Runtime. What is clear is that Fuchsia devices are intended to run Android applications. As Android is the world s most popular operating system, and offering support for the vast wealth of Android apps in the Play Store will facilitate the transition from Android to Fuchsia easier.
Click here to read more
Double Trouble: Two-Pronged Cyber Attack Infects Victims with Data-Stealing Trojan Malware and Ransomware
Cyber criminals are targeting victims with a two-pronged attack. First the attack secretly infiltrates systems with the Vidar data-stealing malware. Almost immediately after the Vidar is installed GandCrab ransomware is inserted onto the infected system. Vidar is a new form of malware that targets vast amounts of victims' personal information. GandCrab is a popular file-encrypting malware and is is regularly updated with new features designed to make it more potent, and more difficult to detect. J r me Segura, security researcher head of investigations at Malwarebytes noted that "Keeping your systems up to date ensures that you will not be infected via drive-by downloads that use already patched vulnerabilities.
Click here to read more
CES 2019: BlackBerry Secure Feature Packs Aspire To Give Trusted Security to 'All Smart Things
BlackBerry announced its Blackberry Secure feature packs at CES. The company said that the new feature packs will make it easier for companies to bring secure Internet of Things (IoT) devices to market. Blackberry positioned its Secure feature packs as providing trusted software and a proven certification framework for companies to securely build smart products. Using the blackberry products developers will not need to develop in-house technology and deep cybersecurity expertise. BlackBerry will review each new device before it is certified as BlackBerry Secure.
Click here to read more
The Pentagon Has More than 250 Cyber Gaps in Its Networks, Watchdog Says
The Defense Department Inspector General reported the DoD had 266 cyber vulnerabilities highlighted in previous watchdog reports. The bulk of the vulnerabilities resulted from the agency s approach to identifying potential gaps in its cyber security and proactively defending against cyber threats. Many of the shortcomings were related to cyber governance. the IG commented that Without proper governance, the DoD cannot ensure that it effectively identifies and manages cybersecurity risk as it continues to face a growing variety of cyber threats from adversaries, such as offensive cyberspace operations used to disrupt, degrade, or destroy targeted information systems. A major component of cyber governance is the ability to accurately inventory all the devices on a network and determine tat all sys6tems are patched and are running current software versions.
Click here to read more
IoT Security Is So Bad, Many Companies Can t Tell When They re Hacked
A recent report from the security company Gemalto surveyed nearly 1000 companies that make and/or use IoT technology noted that almost half of the companies use IoT devices have no way of detecting if any of their devices have been hacked. As the number of connected devices increases the security of these devices will only become more critical. Currently IoT security spending has increased from 13% in 2017 to 15%. Although budget is increasing, 15% growth seems insignificant in a time when data breaches are virtually a daily event.
Click here to read more
Trojan Malware Is Back and It's the Biggest Hacking Threat to Your Business
A recent report from Malwarebytes Labs indicates that that the number of trojan and backdoor attacks have increased to become the most detected attacks against businesses. The number of trojan attacks has increased by more than130 percent between 2017 and 2018. Backdoor up attacks have increased by more than 170 percent. Attacks using spyware that gathers information on a device and sends it to a third-party have also increased by more than 140 percent in the same period.
Click here to read more
Cost Savings Vs Cost Avoidance What s The Difference?
Most companies are interested in cost savings, especially as it relates to software spending. A cost saving involves reducing the amount of money that is spent or budgeted. Examples include: a) the termination of support maintenance on software licenses that are no longer used
b) replacing of existing software licenses and maintenance fees for less expensive licenses and support fees, c) converting to a less expensive support maintenance type and d) renewing only the cloud subscription licenses that are actually in use. In contrast, when firms perform regular internal reviews to identify and remediate compliance issues before the publisher determines requests an audit, costs related to the audit are saved and the action is classified as Cost avoidance . In either case, a robust IT asset management program is critical to the success of the program.
Click here to read more
Windows 10 1809 Fiasco May Hinder Enterprise Migrations From Windows 7
Microsoft's long delay in releasing the latest Windows 10 feature upgrade could not have come at a worse time. The slow delivery may impact enterprises' migration from Windows 7 to the longer-supported versions of Windows 10. But a bug in the new release of Windows 10 that deleted users' files forced Microsoft to withdraw the upgrade from all release channels. Consequently, customers running PCs running Windows will likely run the new version for just three months rather than six, before they're required to upgrade to the following release. The delay will also impact upgrade plans for enterprises, which are allotted 30 months of support for each version.
Click here to read more
Industry News - Dec 2018
Insiders Are Serious Threats to Cybersecurity in an Organization
A firm s employees can be the company s weakest cyber-security link and the greatest cause of a cyberattack and a data breach. Employee negligence, such as not knowing how their actions create a risk the company s data security, remains the biggest cyber-risk. However, the malicious insider is another factor that also demands management s attention. According to one recent report, malicious insiders are responsible for over a quarter of all cybercrime. researcher Tim Condello, technical account manager and security researcher at RedOwl noted that
Recruitment of insiders is increasing, and the use of the dark web is the current methodology that malicious actors are using to find insiders.
Click here to read more
Appeals Court Upholds US Government Ban on Kaspersky Software
A federal appeals court recently upheld the federal government s ban on Moscow-based cybersecurity firm Kaspersky Lab s software. Kaspersky fought the ban, but a district court ruled against the company s claims, and the Court of Appeals for the D.C. Circuit supported that previous decision. Last year The Department of Homeland Security ordered government agencies to stop using and remove Kaspersky Lab software due to concerns about the company s ties to the Russian government. Later Congress included a mandate for agencies to remove Kaspersky software from their systems as part of the annual defense bill. Agencies can use a software asset management tool to determine if the software is still on their networks.
Click here to read more
Cyber Insurance Disputes Rise with Attacks
The Financial Times reports that sales of cyber insurance policies have been growing close to 25 percent a year. However, disputes between companies and the insurers have also increased dramatically. Rob Smart, technical director of Mactavish noted that Most cyber policies are written in a fairly restrictive way and there are points of uncertainty over how far the cover will extend. One key issue is that coverage might only include malicious attacks, but exclude issues related to security errors. Furthermore, payouts for data breaches could be limited to the legal minimum, excluding anything extra the firm may want to spend, such as informing customers of the breach.
Click here to read more
Three Out Of Four CIOs Fear IoT Performance Problems Could Derail Ops And Hurt Revenues
According to a recent survey conducted independently by Vanson Bourne for software intelligence company, Dynatrace, over seven out of ten of the 800 CIOs contacted chiefs believe that Internet of Things (IoT) performance problems could negatively impact business operations and revenues. Nearly 80 percent of CIOs said there is a risk that their firm will deploy IoT strategies without having a plan or solution in place to manage the performance of the ecosystems that support IoT installations. In fact, nearly 70 percent of CIOs believe that IoT will become a major performance management burden.
Click here to read more
How Manufacturers Can Build Lasting Cyber Resilience
As manufacturers become more dependent on digital systems, new opportunities abound for cyber-criminals. As the number of endpoints, including computers, mobile devices, and IoT systems, expands attackers have increased network locations to probe for vulnerabilities. A study by EEF earlier this year found that nearly half of manufacturers polled said they d suffered a cyber incident and almost a quarter (24%) suffered losses as a result. Part of the problem is that many firms are running a patchwork of security products from multiple vendors. In addition, many systems go unpatched, perpetuating the existence of known vulnerabilities.
Click here to read more
Using One of the Worst Passwords of 2018 Is A Great Way to Get Hacked
SplashData, a provider of password management applications, recently published its annual lstof the Worst Passwords of the Year. The firm develops the ranking after evaluating more than 5 million passwords that have been leaked on the Internet As SplashData puts it, people using any of these passwords is subjecting themselves to substantial risk of being hacked and having their identities stolen. The 2018 was the fifth straight year that included these passwords in the Number 1 and 2 spots for being the absolute worst: 123456, and password. The five worst passwords after those two are all just numerical strings. SplashData CEO Morgan Slain noted that Our hope by publishing this list each year is to convince people to take steps to protect themselves online. It s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.
Click here to read more
Microsoft Releases Security Update For New IE Zero-Day
Microsoft recently released a security update for an Internet Explorer vulnerability that is currently being widely abused. Clement Lecigne of Google's Threat Analysis Group discovered and reported the IE zero-day. According to a security advisory released by Microsoft, the IE vulnerability can allow an attacker to execute malicious code on a user's computer if it is exploited in web-based scenarios. The where attacker would need to lure a user onto a malicious site that in turn runs the malicious code on his computer. The vulnerability can also be exploited using applications that embed the IE scripting engine to render web-based content part of the Office suite.
Click here to read more
Microsoft Plans New 4K Webcams To Bring Facial Recognition To All Windows 10 Devices, Says Report
Microsoft may offer its own external webcams in 2019. One model could be intended to extend Windows Hello facial recognition to all Windows 10 PCs. The new camera will, for the first time, bring facial recognition to all Windows 10 PCs. Currently the Windows Hello facial recognition is restricted to the built-in webcams such as those installed on Microsoft's Surface devices. Microsoft's planned webcams may be linked to the USB-C webcams that it planned to ship with the forthcoming Surface Hub 2, which includes a USB-C port. The Surface Hub 2 is also planned to ship in 2019.
Click here to read more
Cyber Breaches Abound In 2019
There ids no question that cyber will become even more rampant in 2019 as ever- improving malware will be aggressively deployed across multiple fronts. As companies increase their digitization efforts to drive efficiency, reduce costs and build data-driven businesses, they also move into the target zone of hackers and cyber-criminals. The use of machine learning and AI only serves to compound the situation, as hackers work to scale their bad behavior. Things to look for include: AI-driven chatbots going rogue, an increase in crimeware-as-a-service, the increased weaponization of data, an increase in ransomware attacks and a significant rise in nation-stage cyberattacks. Cryptojacking , malware that relies on invasive methods of initial access and drive-by scripts on websites to steal resources from unsuspecting victims, is also expected to become a larger threat.
Click here to read more
One-Fourth Of Corporate Data Now In The Cloud
A quarter of corporate data is now stored in the cloud. Enterprise managers are now more confident than ever that their data is safe and readily accessible from cloud providers. Nonetheless, there are many challenges in the area of integrating cloud services into core applications and operations. These are some of the observations published a recent survey released by the Independent Oracle Users Group, working with Amazon Web Services
The survey included over 200 data and IT managers and found that, on average, one in every four bytes of enterprise data is now managed by public cloud providers. In addition, almost fifty percent of new database projects are being built to public cloud providers. However, there will still be a large percentage of data remaining on-premises. Over 60% of respondents indicated that it is likely they will be moving into hybrid cloud arrangements over the next one to two years.
Click here to read more
Industry News - Nov 2018
Are Devices Getting More Secure?
As more devices are connected to the Internet, incorporating security into chip design is becoming more prevalent. Security concerns have been growing for the past five years, motivated by a number of high-profile attacks on retail establishments, credit reporting services and the hardware vulnerabilities were made public in 2018. However, there is real progress in combating cyber-criminals. An increasing number of devices are shipping with some form of built-in security, and device makers appear to be accepting the reality that not all connected devices will be secure. The industry needs to evolve that to provide systems that are connected and secure, as there will be more and more connected systems.
Click here to read more
Microsoft, Google Apps Feature In The Top 20 Vulnerabilities In Enterprise Environments
According to cybersecurity firm Tenable, the most prevalent vulnerabilities can potentially impact 30 percent of enterprises if left unpatched or unresolved. Microsoft and Google software offerings have the greatest number of vulnerabilities that could disrupt enterprise services and systems. In its Tenable Vulnerability Intelligence Report, the company reported that Microsoft .Net and Office, Adobe Flash, and Oracle's Java have the most widespread impact for enterprise assets.
Click here to read more
Post-Wannacry: Only 3% of Companies Are Prepared For New Types of Cyberattacks
A recent study found that companies are actually less well-prepared than their security officers believe them to be. Considering the type of security technologies that companies deploy, the study found only three percent are using threat prevention solutions that can successfully prevent a business from falling victim to a Gen V attack. Gen V attacks are multi-vector and are exponentially more damaging financial and reputational losses compared to earlier forms of attacks. To successfully fend off Gen V attacks, organizations must integrate and unify security infrastructures so they operate better together. Threat data must be shared across all entry points in real time, requiring a move from a layered, componentized security approach to one that is more holistic.
Click here to read more
Consumers Are More Concerned With Cybersecurity and Data Privacy In 2018
Recent data breaches at major companies exposed the personal information of millions of people. The recent Ping Identity 2018 Consumer Survey, measured users' trust of those companies. The report surveyed more than 3,000 consumers worldwide to determine how customers felt in this post-breach era. Per the report many people could have developed negative connotations with certain companies. Following a breach, over 75% of respondents said they would stop engaging with the brand online. Nearly 40% said they would stop engaging with the brand completely, added the report. Data breaches infringe on the consumer's personal information and impact their trust in the breached company.
Click here to read more
Google: Newer Android Versions Are Less Affected By Malware
After dedicating itself to improving Android's security, Google is finally seeing tangible results. According to company data, devices running newer Android versions have been infected far less than devices running older OS releases. According to the company, the percentage of Android devices with at least one potentially harmful application (PHA) is above the 0.5 percent figure for Android devices running OS Versions 4, 5 and 6. The infection rate for devices running for newer OS versions is much smaller. Google reports that 0.25 percent of all Android running Version 7 have at least one PHA. The percentage for devices running Version 8 and 9 is 0.14 percent and 0.06 percent, respectively.
Click here to read more
Conquering FITARA Challenges via ITAM Program Development
The two main objectives of the Federal Information Technology Acquisition Reform Act (FITARA) are to facilitate the development and operation of effective IT programs within budget and to increase collaboration among key decision makers, including the CIO, CFO and the Chief Acquisition Officer (CAO). FITARA recognizes that a successful IT program requires a governance program supported by a policy that defines roles, responsibilities and interactions across the organization. The overall process needs to be integrated with the organization s ITAM program. ITAM is key as it incorporates policies, processes, people, and technology that are coordinated with an organization s business needs. The intertwining of FITARA requirements with ITAM in Federal agencies will help to significantly reduce the risk of IT acquisition waste and enhance overall IT program management.
Click here to read more
Study: Ransomware Attacks Surge on Apple Operating Systems
According to a global Datto survey, hackers have intensified their attacks on Apple machines in the past year. Over 50% of the companies surveyed experienced a ransomware incident. The survey indicated that in companies that manage information technology for other businesses, ransomware was cited as the leading cyberattack, ahead of viruses and spyware. Datto polled 2,400 managed-services providers that use its systems to back up and secure data on behalf of other businesses.
Click here to read more
Microsoft Patches Windows Zero-Day Used By Multiple Cyber-Espionage Groups
Microsoft recently released security patches intended to fix 62 security flaws, including ma fix
for a zero-day vulnerability that was under active exploitation. The zero-day, tracked as CVE-2018-8589, affects the Windows Win32k component. Microsoft classified the issue as an elevation of privilege" vulnerability. According to the company, before an attacker could use this zero-day vulnerability, the system would have to been previously infected with some form of malware. Microsoft has also patched the zero-day that was disclosed at the end of October, which affected the Windows Data Sharing Service (dssvc.dll)..
Click here to read more
WannaCry Is Still Dominating Ransomware
Even thought WannaCry, has largely been disabled, and the deadline to pay the ransom has long passed it still accounts for nearly 30% of ransomware attacks. According to Kaspersky Lab, the ransomware is still spreading uncontrollably. The spreading mechanism that passed WannaCry from victim to victim is still active, even if the malware is not functioning. Senior malware analyst Fedor Sinitsyn noted that "This is not an uncommon occurrence, as there are multiple currently defunct worms that are still automatically spreading in the wild and infecting unpatched/unprotected machines."
Click here to read more
Major SMS Security Lapse Is A Reminder To Use Authenticator Apps Instead
TechCrunch recently reported a data breach that exposed a database of around 26 million text messages containing private customer information. The breach highlights the dangers of relying on SMS messages for receiving two-factor authentication codes over an unencrypted platform.
A Berlin-based security researcher discovered that the Voxox-managed database was unsecure and easily searchable for both names and telephone numbers. Anyone could have monitored a near-real-time data stream to intercept a two-factor authentication code sent to a user trying to log into an account. Two-factor authentication is one of the best ways to isure online security and it s common for providers to text the code to a user. Instead of relying on SMS messages, use of an authentication app such as Google Authenticator is far more secure. These apps are completely self-contained, and no sensitive data needs to be sent to them.
Click here to read more
IoT Security Problems Can Cost Enterprises Millions
The Internet of Things (IoT) is becoming increasingly integrated into many businesses. However, according to researchers at cybersecurity firm DigiCert, too many firms are not prioritizing the security around those devices. DigiCert found that a quarter of the companies having difficulty securing their IoT devices reported that they had lost in excess of $30 million due to security-related issues. Organizations will need to of secure the interoperability of these myriad devices. Mike Nelson, vice president of IoT security at DigiCert,said that "it won't be sufficient for an organization to simply secure the connections their device makes with other internal resources. IoT devices will be connecting to each other and other systems and the secure interoperability of those connections will be a unique challenge."
Click here to read more
Every Cellphone Is a Security Risk, So what s Your BYOD Policy?
Bring your own device (BYOD) practices and have a significant impact on the general data integrity and security of a company. Consequently, it s critical that any company that permits employees to use a personal device at work has an effective BYOD policy and that HR is involved from the outset. That s important because BYOD requires education, compliance and enforcement. In addition, due to the EU s GDPR regulation, companies are obligated to ensure that any data held about the employees is done in a secure manner. Consequently, the firm s Data Protection Officer must be involved in the formulation of BYOD policies to ensure GDPR compliance. As part of this, the firm must be aware of how mobile device management (MDM) software or any other endpoint security devices will affect the data of those involved.
Click here to read more
WhatsApp at Work: Companies Grapple With A Popular Ad Hoc Tool
A recent survey conducted by CCS Insights indicates WhatsApp is the most widely-used mobile app in the workplace. However, popular apps aren't the most secure apps, and employees that ignore corporate-approved messaging software and use their preferred apps can create cyber-security problems. Consumer apps lack central management capabilities and raise the likelihood that sensitive information is shared externally. Consequently, some companies have banned the use of WhatsApp. Nick McQuire, vice president for enterprise research at CCS Insights noted that WhatsApp has encryption mechanisms, but there's not enough control, governance, visibility and reassurances that enterprises need. That's understandable because it is not an enterprise service, but that's the problem they have.
Click here to read more
The Importance of Data Security
There are many documented cases of sensitive information becoming compromised because everyday electronic devices, including hard drives, SSDs, printers and photocopiers) were not properly data wiped prior to being resold or recycled. The issues surrounding any data security breach have serious ramifications, including breach of privacy, liability under GDPR, and as erosion of a company s brand loyalty. Data wiping (AKA data destruction) is the only method which allows the device to be reused. Data wiping, removes the data using software to overwrite the information stored on the hard drive or device. The practice erases just the data while leaving the disk operable to enable the reuse of IT assets.
Click here to read more