Industry News
Ed Cartier's monthly roundup of industry news
Articles relating to asset management, technology, security and cloud computing

Industry News - Feb 2024

What Policy Concerns Connecting Personal Mobile Devices to Organizational Network
The integration of personal computing devices into organizational networks has become a common practice. Called bring your own device (BYOD), the practice provides numerous benefits and challenges for IT professionals. Although it supports flexibility and productivity, it also presents concerns regarding security, privacy, and data management. As employees access company information using their personal devices, the risk of data breaches and unauthorized access increases. To reduce risks, organizations must establish robust policies to govern the connection of personal mobile devices to their networks. In addition, firms must be able to assess the vulnerability of those devices. A robust IT asset management solution can determine if personal devices meet corporate configuration standards.
Feb 2024
Windows Zero-Day Exploited in Attacks on Financial Market Traders
Microsoft recently announced patches for more than 70 vulnerabilities, including two flaws that have been exploited in attacks as zero-days, two of which have been described as security feature bypasses. Microsoft noted that these vulnerabilities impact Windows Server 2019, Windows Server 2022, Windows 10, and Windows 11. They can be exploited by convincing the targeted user to open a specially crafted file designed to bypass displayed security checks. IT managers can use their IT asset management tools to identify unpatched and vulnerable devices.
Feb 2024
Patch Tuesday: Adobe Warns of Critical Flaws in Widely Deployed Software
Adobe recently made users aware of critical flaws in Adobe Acrobat and Reader, Adobe Commerce and Magento Open Source, Substance 3D Painter, and FrameMaker. The company documented over twelve serious security defects covered in the Adobe Acrobat and Reader update. It warned that both Windows and macOS users are at risk. Adobe said that unpatched installations are at risk of arbitrary code execution, security feature bypass and application denial-of-service. The company issued fixes for code execution bugs in Adobe Substance 3D Painter, Adobe FrameMaker Publishing Server, Adobe Audition, and Adobe Substance 3D Designer. A robust IT asset management tool can be used to identify unpatched and vulnerable devices.
Feb 2024
Average Software Waste Hit $18M Last Year Despite Optimization Push
As cloud adoption spreads, cost concerns and optimization initiatives follow. Firms are combining previously discrete budgeting categories into a single line-item of tech spending. IT managers are working to maintain cost controls while maintaining adoption. According to Zylo, over 90% of IT and software asset management professionals now include SaaS in broader cloud cost governance efforts. Last year companies neglected billions in savings by not taking advantage of built-in hyperscaler savings plans and discounts. Infosys found over $300 billion in pre-paid cloud credits lying dormant in enterprise accounts. In a separate study Zylo found that more than half of licensed SaaS applications go unused. Despite these numbers, the average organization added six applications each month last year. A robust IT asset management solution that can analyze cloud software usage can be a valuable tool in eliminating software spend waste.
Feb 2024
Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure
Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893 and CVE-2024-22024), and follow the latest vendor advice.
Feb 2024
Flexera Buys Snow Software
On the 15th February, Flexera confirmed it had completed the acquisition of Snow Software. Flexera has long admired Snow's great products, customer value realization, talented employees, partner ecosystem, and active customer community. Flexera and Snow share harmonious company cultures, missions, and long-term strategies. Together, we will continue to deliver market leading solutions that address optimizing spend in a world of inflating costs, minimizing risks despite increasing threats and new regulations, and navigating ongoing uncertainty.
Feb 2024

Industry News - Jan 2024

CISA Adds Patched MS Sharepoint Server Vulnerability to KEV Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a patched privilege escalation vulnerability impacting Microsoft SharePoint servers to the known exploited vulnerabilities (KEV) catalog. The agency cited evidence of active exploitation when tagging the critical-severity bug, which Microsoft previously released fixes for as part of its June 2023 Patch Tuesday updates. Tracked as CVE-2023-29357, the vulnerability (CVSS 9.8) allows an attacker, who has gained access to spoofed JSON Web Token (JWT) authentication tokens, to use them for executing a network attack. CISA has advised users to update their systems by January 31 to secure against active threats. IT administrators can utilize their IT asset management tools to identify vulnerable systems.
Jan 2024
Technical Volume 2: Cybersecurity Practices for Medium and Large Healthcare Organizations
IT asset management (ITAM) is the process by which organizations manage their IT assets. ITAM is critical to ensuring proper cyber hygiene controls are in place across all assets in the organization. The use of discovery tools reduces unknowns across the network. ITAM should be implemented for endpoints, servers, applications, and networking equipment. ITAM cybersecurity practices should be incorporated into every lifecycle stage of IT operations to maintain data accuracy and integrity. The lifecycle includes procurement, deployment, maintenance, and decommissioning. As part of its public-private partnership with the NIST National Cybersecurity Center of Excellence (NCCOE), the financial sector has written a detailed ITAM practice guide: IT Asset Management (https://www.nccoe.nist.gov/sites/default/files/legacy-files/fs-itam-nist-sp1800-5b-draft.pdf)
Jan 2024
Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation
Apple announced that the newest iOS 17.3 and macOS Sonoma 14.3 updates address at least 16 vulnerabilities that can expose Apple users to code execution, denial-of-service and data exposure attacks. In a separate advisory the company documents a pair of WebKit bugs (CVE-2023-42916 and CVE-2023-42917) that it says may have been exploited against versions of iOS before iOS 16.7.1. The recent updates also fix security problems in the Apple Neural Engine, CoreCrypto, Mail Search, Reset Services, Shortcuts and Time Zone. IT professionals can utilize their IT asset management tools to identify unpatched devices.
Jan 2024
45% of Critical CVEs Left Unpatched in 2023
In 2023 cyberwarfare became more widespread. Manufacturing, educational services and public administration were widely exposed to attack from cybercriminals. Older Windows server OS versions (2012 and earlier) are nearly 80% more likely to experience attack attempts compared to newer Windows Server versions. This vulnerability is especially evident in the server environment. Almost 25% of server versions are facing end-of-support (EoS) scenarios. Industries still using end-of-life (EoL) or EoS OSs that are no longer actively supported or patched for vulnerabilities are particularly vulnerable. IT professionals can use the information generated by their IT asset management solutions to pinpoint legacy, obsolete and/or unpatched systems.
Jan 2024

Industry News - Dec 2023

3 Steps to Proactive IT Cost Optimization
Modern CIOs are expected to do more with less. Although digital transformation and improved customer experiences remain priorities, efficiency improvements and cost reductions increase in importance in a time of economic uncertainty. Increased borrowing costs, skilled labor shortages, rising cloud pricing and supply chain disruptions are causing re-prioritization of new projects and reevaluation of ROI for ongoing and new projects. In this environment, CIOs should institute proactive IT cost optimization efforts across their business, leveraging cost reduction initiatives to act as a funding mechanism for the broader transformational initiatives. Using an IT asset management tool to identify obsolete, redundant and under-utilized systems and software can make any cost-management program more efficient.
Dec 2023
Software Spend to Rebound In 2024 as ERP, Database Move to SaaS
Cloud and software-as-a-service (SaaS) are becoming intertwined as vendors shift to service delivery models and usage-based pricing. Premises-based software's footprint is shrinking as legacy vendors move to cloud-based delivery and usage-based pricing. The shift indicates a clear link between cloud and ERP, CRM, data management and other enterprise software products. Liz Herbert, Forrester VP and principal analyst, noted that "We are definitely tracking the continued shift to the cloud. Leading software companies are all moving to cloud and SaaS, that's almost without question." CIOs can utilize the information generated by their IT asset management solutions to identify the software systems that would best benefit from a migration to an SaaS model.
Dec 2023
Microsoft Windows 10 Security Support Extension No Excuse to Put Off Patching, Asset Review
Microsoft has acknowledged that more time is needed for users to migrate to Windows 11, officially announcing that when Windows 10 support comes to an end in October 2025 there will be a means to allow consumers and businesses to purchase extended Windows support patches. This extension provides CIOs with an opportunity to review aging assets and projects. IT managers should consider those workstations that would actually benefit from upgrading to Windows 11 and identify the systems that do not have the necessary TPM or CPU to support Windows 11, or that are running applications that won't support Windows 11. In many cases CIOs are delaying an upgrade to Windows 11 because a hardware refresh is required. An IT asset management solution can help to prioritize and inventory the systems on the network and determine which roles and positions would benefit from a Windows 11 deployment.
Dec 2023
Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws
Microsoft recently released fixes for several critical security flaws in the Windows ecosystem. The company warned users that hackers could target these issues to take complete control of unpatched machines. The Redmond firm documented at least 33 vulnerabilities across a range of products. It called urgent attention to remote code execution bugs in the MSHTML Platform, the Microsoft Power Platform Connector and the Internet Connection Sharing (ICS) components. In all, Microsoft's security response team documented at least 42 vulnerabilities with four tagged with the critical-severity rating. According to ZDI the firm has patched more than 900 CVEs in 2023. Windows administrators should pay special attention to CVE-2023-36019, which addresses a critical spoofing bug in the Microsoft Power Platform Connector. The vast number of patches released underscores the need for IT professionals to identify vulnerable and unpatched systems.
Dec 2023
Threat Actors Still Exploiting Old Unpatched Vulnerabilities, Says Cisco
According to Cisco Systems, the most targeted vulnerabilities in 2023 were older security flaws in common applications. Cisco's Talos threat intelligence division noted that threat actors clearly prefer to target unpatched systems that can cause major disruptions. In many cases the vulnerabilities were more than 10 years old. It is obvious that users had plenty of time to patch those problems. Government data indicates that 80% of the most targeted vulnerabilities were also cited by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as being frequently exploited in prior years. Using their IT asset management tools, IT managers can easily pinpoint unpatched and vulnerable systems, thwarting potential hackers.
Dec 2023
CISA Highlights Cybersecurity Guidelines For Healthcare CIOs and CISOs
The Cybersecurity and Infrastructure Security Agency (CISA) recently released a healthcare-specific cybersecurity vulnerability mitigation guide. CISA's document encourages CIOs to address key vulnerabilities including web application flaws, encryption weaknesses, and the use of unsupported software. CISA encourages healthcare IT professionals to implement and maintain an asset inventory. Cybersecurity leaders need to have a detailed listing of all the assets on their network. They must be able to identify and comprehend each asset's relationships, interdependencies, functionalities, and the software on the network. This information is critical to protect electronic Protected Health Information (ePHI) and ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). Organizations should carry out asset inventories using active scans, passive processes, or a blend of these methods. An IT asset management solution is a key tool in acquiring this information.
Dec 2023