Industry News Roundup

The pattern is not new: a useful software tool emerges, spreads through an organization, and is shortly considered indispensable. Unfortunately, all this happens without IT s approval process. It s known as shadow IT and it s a constant battle. Artificial Intelligence (AI) has become the newest invader. AI is here, it s being widely adopted, often doing so under the radar and surprising licensing and budget personnel at renewal. The rate of AI adoption is forcing organizations to re-evaluate their software budgets. To efficiently integrate these new AI applications, a complete review and optimization of existing software spend is critical. Doing this manually is inefficient, risky, and will likely yield inaccurate results. A better way involves leveraging an IT asset management tool to inventory software, reconcile license spend and evaluate the hardware system infrastructure.

CISA, he US cybersecurity agency recently advised organizations to urgently patch two exploited zero-day vulnerabilities in Gladinet CentreStack and Microsoft Windows. The CentreStack bug (tracked as CVE-2025-30406 with a CVSS score of 9) was disclosed in April when Gladient announced patches for it. Gladient patched the vulnerability in CentreStack 16.4.10315.56368 and urged organizations to update immediately. The Windows flaw, which is tracked as CVE 2025-29824, is described as a use-after-free issue in the platform s Common Log File System (CLFS) driver. Microsoft addressed the security defect on April 2025 Patch Tuesday. The company warned users that it has observed a threat actor exploiting it against organizations in the US, Venezuela, Spain, and Saudi Arabia. IT managers can utilize their IT asset management tools to identify vulnerable systems.

Microsoft recently released urgent updates for at least 120 Windows vulnerabilities, which included a zero-day in the Windows Common Log File System (CLFS) which is described as actively exploited. The CLFS zero-day vulnerability enables an attacker to gain SYSTEM privileges by exploiting a use-after-free bug. The flaw has a CVSS severity score of 7.8/10 and needs only low-level privileges with no user interaction. The April Patch Tuesday rollout also includes fixes for a use-after-free memory corruption flaw in Windows Hyper-V and documented a pair of critical remote code execution flaws impacting its Windows Remote Desktop Services. The Microsoft Excel spreadsheet product also received a security makeover to address at least three vulnerabilities that introduced remote code execution risks. The company also addressed critical issues with remote code execution paths in the Microsoft Office productivity suite. IT managers can utilize their IT asset management tools to identify unpatched systems.

According to The Shadowserver Foundation, there are over 5,000 internet-accessible Ivanti Connect Secure appliances that are susceptible to attacks a recently disclosed vulnerability. The issue, which is tracked as CVE-2025-22457 and has a CVSS score of 9, is described as a stack-based buffer overflow. It could be exploited by remote, unauthenticated attackers to execute arbitrary code on a vulnerable appliance. Ivanti addressed the vulnerability in February but recently stated that it misdiagnosed it as a production bug and that in-the-wild exploitation was ongoing. The vulnerability impacts Ivanti Connect Secure version 22.7R2.5 and earlier, Pulse Connect Secure 9.x, Ivanti Policy Secure version 22.7R1.3 and prior, and ZTA Gateways version 22.8R2 and earlier. Ivanti noted that only Connect Secure and Pulse Connect Secure appliances have been targeted in attacks, urging users to update their devices as soon as possible.

Companies often push off infrastructure modernization, thinking the utilizing existing IT infrastructure is a financially sound decision. However, too often enterprises try to run 21st-century operations on last-century technology, only to watch agile competitors take market share or to encounter serious vulnerabilities. The consequences of delaying It upgrades are evident across industries. Organizations that continue operating on outdated or obsolete infrastructure find themselves unable to meet market demands, customer needs or security requirements. That s why companies are finally recognizing they can t keep kicking the can down the road , and are reprioritizing modernization from a discretionary initiative to a required investment. A robust IT asset management solution can provide invaluable information to make the modernization effort more efficient and cost effective.

As AI tools find their way into every corner of the workplace, a new threat has emerged. Shadow AI, the use of unsanctioned AI tools, is proving difficult to track and even harder to control. Shadow AI is not not just another version of shadow IT. It is a much stealthier threat. Unlike traditional unauthorized software that is easier to identify AI capabilities are often hidden inside familiar, trusted software. IT professionals may believe their digital environment is secure, but sensitive data could already be flowing out of the enterprise through invisible AI channels. The numbers tell a startling story. Nearly forty percent of employees admit to using AI tools not fully approved or managed by IT. Even worse, every untracked AI interaction becomes a potential point of risk. Use of a robust IT asset management tool can identify non-standard software, or software out-of-rev with corporate standards.

CISA has advised US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. The first flaw (CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. Cisco says that its Product Security Incident Response Team (PSIRT) is aware of CVE-2023-20025 publicly available proof-of-concept exploit code. The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that enables local attackers logged into the target system to to run run arbitrary code in kernel mode. According to Microsoft this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms. CISA noted that "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise." Microsoft and Cisco have not yet updated their security advisories after CISA tagged the two vulnerabilities as actively exploited in attacks. These flaws make the need to identify vulnerable systems paramount. A robust IT asset management solution can aid in the effort.

Microsoft s most recent Patch Tuesday updates included warnings that a half-dozen Windows security defects have already been exploited in the wild. The company labeled six of the 57 security vulnerabilities patched this month as exploitation detected. It encouraged Windows administrators to prioritize another large batch of code execution flaws. The latest exploited zero-days affected the Microsoft Management Console, Windows NTFS, the Fast FAT File System Driver, and the Win32 Kernel Subsystem. According to Microsoft, the exploited bugs allow security features bypass, remote code execution, privilege escalate via memory corruption issues. IT managers can utilize their IT asset management tools to identify unpatched systems.

CISA recently warned of three critical-severity vulnerabilities in Ivanti Endpoint Manager (EPM) that are being exploited in the wild. The vulnerabilities are tracked as CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161 and are described as absolute path traversal flaws affecting EMP versions 2024 and 2022 SU6 with the November 2024 security update installed. Ivanti issued patches for the security defects in January. The vulnerabilities reside in functions that attempt to read the files in specific directories to calculate their hashes, and which accept user input. IT managers can use then information generated by their IT asset management tools to identify vulnerable systems.

Fortinet customers who yet to patch a critical authentication bypass vulnerability that was disclosed by company in February should act quickly. The vulnerability, labeled CVE-2025-24472, allows remote attackers to get super-admin privileges on affected systems. They exploit a weakness in how Fortinet's FortiOS and FortiProxy technologies handle Client Server Framework proxy requests. Systems with exposed FortiGate firewall management interfaces are at the most risk. FortiGate disclosed the flaw on February 11, along with a patch. CISA and others have in the past repeatedly pointed to products that fall into the category of edge device as technologies that attackers love to target because of the access they provide to victim environments. Stefan Hostetler, senior threat intelligence researcher member at Arctic Wolf noted that "As we predicted in the tail end of 2024, we expect that edge devices will continue to be exploited by cybercriminals in 2025 and beyond. Threat actors are likely to continue capitalizing on misconfiguration and outdated firmware as long as there s more money to be made." This observation underscores the need to use IT asset management tools to identify vulnerable and misconfigured systems.

CISA (U.S. Cybersecurity and Infrastructure Security Agency) recently published a Malware Analysis Report (MAR) on a RESURGE, a new malware call. RESURGE has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect Secure appliances. The malware creates web shells, bypasses integrity checks, and modifies files. It enables credential harvesting, account creation, and privilege escalation. CISA added the Ivanti Connect Secure Vulnerability CVE-2025-0282 to its Known Exploited Vulnerabilities (KEV) catalog in January. The agency noted that Ivanti has released an update that addresses one critical and one high vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways. Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code execution. CVE-2025-0283 could allow a local authenticated attacker to escalate privileges. IT managers are urged to use their IT asset management tools to identify unpatched systems.

In January 2023 the European Union enacted a revised version of the 2016 Network and Information systems Directive (NIS). This directive is a legislative framework intended to bolster cybersecurity across EU infrastructure. The directive requires EU member states to incorporate enhanced cybersecurity measures into law. The new rules came into effect 18 October 2024. The directive has two main pillars: Duty of Care and Duty to Report. ITAM practices can improve an organization s cybersecurity capabilities. ITAM s role in developing a comprehensive asset inventory plays a key role in identifying potential software vulnerabilities. The NIS2 directive highlights the critical nature of robust asset management practices. By maintaining a comprehensive, up-to-date IT asset inventory, vulnerability management, and collaboration with cybersecurity teams, ITAM can play a vital role in complying with the NIS2 requirements.

Microsoft s security response team patched over 55 documented software defects in Windows OS and applications. It also identified a privilege escalation bug in Windows Storage and a code execution issue in the Windows Ancillary Function Driver for WinSock. These are flagged for for immediate attention due to active exploitation. The Windows Storage Elevation of Privilege bug enables attackers to delete targeted files on a system. Microsoft also urged Windows administrators to prioritize CVE-2025-21418 as a matter of urgency. It warned that the Windows Ancillary Function Driver for WinSock contains a serious law that provides SYSTEM privileges to a successful attacker. IT managers can utilize the information from their IT asset management solutions to identify p[atched and vulnerable systems.

A recent security advisory published by the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) stated the groups are primarily targeting critical infrastructure organizations, as well as healthcare, government, technology and manufacturing. The three agencies said in the reported that "Beginning early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China." This fact underscores the need for organizations to patch or replace vulnerable systems. Unpatched or obsolete equipment can be identified using an IT asset management tool.

"A remote unauthenticated attacker who successfully exploited this vulnerability would gain the ability to execute arbitrary code within the context of the LDAP service. It managers can use their IT asset management solutions to scan for and identify any unpatched systems.

In the latest Patch Tuesday security patches Microsoft has released fixes for nearly 160 vulnerabilities, 12 which are critical with eight zero-days; three of which are currently known to be under active exploitation. according to Microsoft. Tyler Reguly, associate director of security research and development at Fortra noted that This is definitely one of those months where admins need to step back, take a deep breath, and determine their plan of attack. The three zero days vulnerabilities bring exploited are classified as CVE-2025-21335, CVE-2025-21333 and CVE-2025-21334. They impact Hyper-V which is described by one researcher as being heavily embedded in modern Windows 11 operating systems and used for a range of security tasks including device guard and credential guard, which are listed as elevation of privileges issues. Consequently, patching these vulnerabilities should be at the top of the list for patching this month. IT professionals can utilize their IT asset management tools to identify vulnerable or unpatched systems.

The vulnerabilities involved in these attacks include an admin authentication bypass patched in September, and a remote code execution bug also patched tin September). Two other bugs, an SQL injection and a remote code execution vulnerability were both remediated in October. All four bugs have been tagged as exploited in zero-day attacks. CISA added them to its Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their appliances. In order to t thwart any attacks targeting users systems, the federal agencies "strongly encourage" all network administrators to upgrade their appliances to the latest supported Ivanti CSA version.

The January 2025 security updates also resolve 12 high-severity defects that could lead to remote code execution (RCE), denial-of-service (DoS), and escalation of privilege, some of which could be exploited remotely without authentication. Ivanti also issued patches for a high-severity race condition issue in Application Control Engine that could allow attackers to bypass the application blocking functionality. The company Irecommends that all customers update their Application Control instances to versions 2024.3 HF1, 2024.1 HF4, and 2023.3 HF3. Ivanti also noted that fixes will not be released for Application Control Module for Security Controls. It recommends that customers migrate to Application Control or Neurons for App Control.

As security teams are faced with an increasing number of identified vulnerabilities, vulnerability remediation is slowing at many organizations. According to an analysis by S&P Global Ratings, nearly 75% of organizations are either occasionally or infrequently remediating the vulnerabilities that affect their systems. Paul Alvarez, lead cyber risk expert at S&P Global Ratings said that Our analysis suggests that some organizations that we rate may be slow to remediate highly targeted cyber vulnerabilities, increasing the risk that computer systems could be compromised. The analysis, found that 30% of organizations remediated these vulnerabilities occasionally. CIO s concerned with identifying existing unpatched vulnerabilities can utilize the data from their IT asset management solution to pinpoint at risk devices.

Identity risks, data security risks and third-party risks are all made exacerbated by SaaS sprawl. Each new SaaS account adds a new identity that should be secured and represents a new source of third-party risk. This growing attack surface, much of which is unmanaged in most organizations, becomes an attack surface and becomes an attractive target for cyber-criminals. Data from Nudge Security indicates that the average employee creates a new SaaS account about every two weeks. That constitutes 200 new SaaS accounts per month for an organization with 100 employees. Each one of these SaaS identities expands the organization's attack surface and creates a new avenue for sensitive data to be stolen. Only a solution that can deliver continuous SaaS discovery along with just-in-time prompts can help CIOs to take appropriate steps to secure their accounts and combat this new form of shadow IT.