Industry News Roundup
Industry News - Oct 2024
Microsoft Reveals Bad News For 70% Of Windows Users: Upgrade Warning Gets Worse
XDA Developers has suggested that using unsupported hardware on Windows 11 is only going to get more miserable. This should be another warning for Windows 10 holdouts that Microsoft is unlikely to soften its position. IT managers can use their IT asset management tools to plan the transition and identify systems not compatible with Windows 11.
AI Adoption Drives Unmanageable Spike In Cloud Costs
According to a recent report by Tangoe, AI adoption is resulting in a serious spike in cloud costs. To develop the report, the technology expense management solution provider surveyed 500 IT and finance professionals responsible for enterprise cloud cost management. It found that overall cloud costs increased an average of 30% in the last year. Fifty percent of respondents noted that spending on AI applications was a top driver for growing cloud spend. Nearly seventy-five percent of respondents said that AI resulted in unmanageable cloud bills. To constrain costs, IT professionals can utilize their IT asset management tools to identify duplicate, under-utilized or unauthorized cloud services.
Building A Stronger Business With G-A-V: A Framework for Technology Upgrades and Trends
IT asset management is a key tool in implementing a GAV framework. The data reported by the solution provides a current inventory of hardware and software assets, identifies obsolete systems and highlights areas of potential cost savings.
Kaspersky's US Customers Receive UltraAV Swap, Raising Red Flags
Following the US government's ban on Kaspersky Lab products, some users reported that the antivirus software was replaced without notice by UltraAV, about which little is known. Earlier in 2024, citing national security risks, the US government prohibited the sale of Kaspersky products in the US. Consequently, Kaspersky notified its US employees that it would begin winding down its operations in the US starting in July. According to UltraAV's website, Kaspersky partnered with UltraAV to ensure continued service for its US customers. However, according to The Register, UltraAV has not undergone testing by the Anti-Malware Testing Standards Organization (AMTSO). A third-party test is scheduled for later this year. Security software vendors are not obligated to have their products independently tested. However, in such a trust-driven industry, such assessments can be considered essential. IT managers concerned about having unknown or untested applications on their networks can utilize their IT asset management tools to identify such software.
Application Detection and Response Is the Gap-Bridging Technology We Need
The concept of detection and response is a core part of the NIST Cybersecurity Framework (CSF) and should be a fundamental part of any sound cybersecurity program. IT pros must be able to detect threats and malicious activity and respond to them, regardless of where they occur. That can be a real challenge for the current detection and response processes. Most detection and response tools focus on endpoints, networks, and servers, but leave one large gap: applications. That gap is now increasingly being targeted, with the increased role applications play in malicious activity. The latest Verizon Data Breach Investigations Report (DBIR) pointed out that application vulnerability exploitation grew 180% over the previous year. Verizon stated that vulnerability exploitation now accounts for one-third of all incidents recorded in the DBIR. Security and IT professionals can utilize their IT asset management toolset to identify applications with known vulnerabilities that reside on their networks.
Ivanti Warns Customers of More CSA Zero-Days Exploited in Attacks
Ivanti recently announced patches for CVE-2024-8190. This is a CSA vulnerability that enables attackers with elevated privileges to achieve remote code execution. Shortly after the patch was released, it came to light that threat actors had been chaining it with CVE-2024-8963, a vulnerability used to bypass authentication so that CVE-2024-8190 could be exploited. Ivanti subsequently announced that CVE-2024-8963 has been chained with other CSA vulnerabilities as well to target a limited number of its customers. The company noted that three new flaws tracked as CVE-2024-9379, CVE-2024-9380 and CVE-2024-9381 have been chained with CVE-2024-8963. CVE-2024-9381 is a high-severity path traversal issue that enables a remote and authenticated attacker with administrator privileges to bypass restrictions. CVE-2024-9380 is a high-severity OS command injection bug allowing remote code execution. CVE-2024-9379 is a medium-severity SQL injection that enables an authenticated attacker with admin privileges to run arbitrary SQL commands.
Microsoft Confirms Exploited Zero-Day in Windows Management Console
Microsoft recently issued an urgent warning regarding an actively exploited code execution vulnerability in a Windows component used for system configuration and monitoring. The zero-day, tagged as CVE-2024-43572, is documented as a remote code execution issue in Microsoft Management Console (MMC). The company warned that attackers are using malicious Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. This is the 23rd time this year Microsoft needed to respond to zero-day exploitation before the availability of patches. The October patches also cover critical-severity flaws in the Visual Studio Code extension for Arduino, the Remote Desktop Protocol Server, and the Microsoft Configuration Manager. Microsoft also identified CVE-2024-43573 for urgent attention, stating that a flaw in the Windows MSHTML platform is included in the "exploitation detected" category. IT managers can identify vulnerable and unpatched systems using their IT asset management tools.
Executives Worry Over Aging IT Systems
According to a recent Kyndryl report, corporate IT modernization initiatives are often threatened by aging infrastructure and systems without technical support. The IT services firm surveyed over 3,000 C-suite executives and aggregated anonymized customer data. Ninety percent of executives said their company's technology is best-in-class; however, over sixty percent acknowledged that outdated systems present a major concern. According to Michael Bradshaw, Kyndryl's SVP and global practice leader for applications, data and AI, if a company lacks comprehensive IT asset and configuration management, locating tech debt is a challenge. He noted that "It's almost like an archeological dig. You don't know where the problems are unless you stub your toe on something that's reached end-of-support."
Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products
Apple is currently making iOS 18.1 and iPadOS 18.1 updates available to mobile users, with patches for over 25 vulnerabilities that could result in information leaks, the disclosure of process memory, denial-of-service, sandbox escape, modification of protected system files, heap corruption, and access to restricted files. The flaws were resolved with improved authentication, checks, logic, input validation, handling of content, memory management, private data redaction, state management, and file and memory handling. Nearly 60 security defects were resolved with the recent macOS Sequoia 15.1 update. Those patches addressed 15 issues that were also addressed in iOS and several flaws in third-party dependencies. IT managers can identify unpatched systems using their IT asset management tools.
Industry News - Aug 2024
Aware Of What Tech Debt Costs Them, CIOs Still Can't Make It an IT Priority
One of a CIO's most persistent challenges involves embracing innovative technologies while addressing potentially crippling technical debt. Tech debt can involve old applications, bloated code, and aging hardware. The issue often is deprioritized behind adoption of innovation and new technology. In a recent CIO Sentiment Survey by IDC, almost 40% of CIOs surveyed said they expect to overspend on digital infrastructure over the next 18 months. Nearly 50% of those who expect to overspend blamed excessive tech debt, including old apps. Nonetheless, according to the survey, CIOs ranked AI and cybersecurity far ahead of eliminating tech debt on their lists of priorities. Daniel Saroff, group vice president for consulting and research at IDC, noted that company boards and CEOs are putting pressure on CIOs to find innovative uses for AI. In addition, the need for better cybersecurity is ever-present. Therefore, dealing with tech debt gets put on the backburner. One approach for CIOs who have significant tech debt is to sell it to organization leadership. One way to frame the need to address tech debt is to tie it to IT modernization. CIOs can use their IT asset management tools to identify old and obsolete hardware and software and point out the costs of legacy systems.
Microsoft Warns of Six Windows Zero-Days Being Actively Exploited
Microsoft recently warned users of six actively exploited Windows security defects. The company's security response team issued documentation for nearly 90 vulnerabilities across Windows and OS components and marked six flaws as being actively exploited. Microsoft urged Windows sysadmins to pay urgent attention to a batch of critical-severity issues that expose users to remote code execution, privilege escalation, cross-site scripting and security feature bypass attacks. These include a significant flaw in the Windows Reliable Multicast Transport Driver that brings remote code execution risks, a severe Windows TCP/IP remote code execution flaw, two separate remote code execution issues in Windows Network Virtualization and an information disclosure issue in the Azure Health Bot. IT professionals can utilize their IT asset management toolsets to identify vulnerable and/or unpatched systems.
Microsoft Outlook Security Hole Lets Attackers In Without Opening A Tainted Message
Microsoft recently patched a serious flaw within Microsoft's Outlook email client. The vulnerability would enable an attacker to have full access by simply sending the user an email. The attack would work even if the recipient did not open the message. Furthermore, the end user would have no way of knowing that they had been attacked. Michael Gorelik, the chief technology officer at Morphisec, the security firm that says it discovered the problem and reported it to Microsoft, noted that "You will not know. You will not experience anything." He also voiced concern that this flaw may indicate the existence of similar zero-click holes that Microsoft has yet to patch. IT professionals can utilize their IT asset management solutions to minimize exposure to the vulnerability by identifying any unpatched systems.
Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager
Ivanti recently announced patches for eight vulnerabilities in Neurons for ITSM, Avalanche, and Virtual Traffic Manager. Two addressed critical-severity flaws, including a critical-severity information disclosure issue that could enable an unauthenticated attacker to obtain the OIDC client secret via debug information. Ivanti also announced patches for a high-severity improper certificate validation flaw that could allow an attacker in a man-in-the-middle position to craft a token that would allow access to ITSM as any user. Ivanti also announced patches for a critical-severity bug in Virtual Traffic Manager that could enable an attacker to circumvent authentication and create an administrator user in the admin panel. The company also issued patches for five high-severity vulnerabilities in Avalanche.
Answering The Big Post-Outage Question: Are We All Patching Wrong?
Even before the worldwide CrowdStrike outage, patching was a constant challenge for many IT operations teams. They struggled to balance the need to patch urgently with the requirement to patch safely. Unpatched endpoint devices remain one of the greatest risks to an organization. However, deploying a bad patch can have dire consequences for a business. Clearly, applying software patches has exceeded current capabilities, and AI-based autonomous patching systems are a reasonable substitute.
Industry News - Jul 2024
Driving Efficient Software Spend: How Smart Organizations Beat Sprawl and Maximize SaaS Value
The software as a service (SaaS) market is evolving and offers new opportunities for tech professionals to optimize operations and efficiency. Organizations are working to streamline IT investments by consolidating applications and focusing on integrated solutions. Despite their efforts, challenges in managing SaaS sprawl are ongoing. This webinar will help participants to gain the practical strategies, expert insights, and tools needed to effectively lead a team in the dynamic SaaS landscape. During the webinar, the speakers will examine changing SaaS usage trends and their impact on efficiency, share ideas to effectively manage the evolving tech stack and cover how to prepare for upcoming shifts in SaaS spending.
Legacy Tech Upgrades Cost the Average Business Nearly $3M Last Year
Businesses face significant obstacles when modernizing legacy technology systems, despite efforts and plans to modernize and streamline IT operations. According to Jeremiah Stone, CTO of SnapLogic, challenges are inherent in major technology upgrades, especially regarding legacy systems. Over 75% of IT decision-makers report that their teams spend up to 25 hours a week updating and patching legacy systems. Maintaining and updating legacy tech can negatively impact productivity and the bottom line. IT managers can use their IT asset management tools to identify key legacy systems and those which can be phased out or replaced.
Aging Devices, Not AI PCs, Drive PC Shipment Uptick
Businesses want to replace laptops and desktops before support runs out but we think that that surge is going to happen toward the end of this year and the beginning of next year. As a result PC shipments began to recover back this year. Kitagawa also noted that "Enterprises are replacing PCs due to age, not AI." Managers can identify devices that need to be replaced using the reporting capabilities of their IT asset management software.
Kaspersky Lab Shuts Down US Operations in Wake Of National Security Ban
According to the edict issued by the US Department of Commerce's Bureau of Industry and Security (BIS), US companies have until September 29th to stop using Kaspersky's antivirus software and services. US CISOs must act quickly to comply. Tim Crawford, founder of research and advisory firm Avoa, noted that "You have to move quickly, don't wait or take a chance to get close to that October deadline, because those non-updated systems will become fully vulnerable, and hackers are lying in wait for you." Kaspersky software will no longer be supported and IT professionals can utilize their IT asset management toolsets to identify impacted systems and networks.
Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability
tracked as CVE-2024-37381 and impacts the Core server of Endpoint Manager 2024. The company also released patches for four vulnerabilities impacting all versions of its Endpoint Manager for Mobile product. Tracked as CVE-2024-36130, CVE-2024-36131 and CVE-2024-36132, these flaws are high-severity bugs. IT managers can identify unpatched systems using their IT asset management toolsets.
Microsoft Patch Tuesday, July 2024 Edition
The other zero-day is tracked as CVE-2024-38112, and is a weakness in MSHTML, the engine of Microsoft's Internet Explorer web browser. Kevin Breen, senior director of threat research at Immersive Labs, said exploitation of this vulnerability requires the use of an attack chain of exploits or programmatic changes on the target host. Unpatched devices can easily be identified using a robust IT asset management toolset.
Industry News - Jun 2024
US Bans Kaspersky Labs Over National Security Concerns
The Biden administration has decided to block all new sales of Kaspersky Labs products and services in the United States. Allegations have been made that the Russian company has strong ties to Russia's nation-state cyber offensives. The Department of Commerce's Bureau of Industry and Security (BIS) stated that Kaspersky will no longer be able to sell its software within the US or provide updates to software already in use. The prohibition applies to the company's US subsidiary Kaspersky Labs, Inc., and will be enforced on its affiliates, subsidiaries, and parent companies, the statement added. The risk factors considered in the review included threats posed by Russia, vulnerabilities that Kaspersky's ICTS products create for US national security and the impact of Russia exploiting the vulnerabilities presented. IT professionals can identify deployed instances of the Kaspersky software by using the software asset management tools in their IT asset management software.
Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira
The Confluence Data Center and Server patches address six security defects, all of which were disclosed this year. The most severe of these flaws (tracked as CVE-2024-22257) is a broken access control issue in the Spring Framework. That vulnerability could allow unauthenticated attackers to expose assets to which they should not have access. Three server-side request forgery vulnerabilities, tracked as CVE-2024-22243, CVE-2024-22262, and CVE-2024-22259, were also resolved. Atlassian also issued patches for two out-of-bounds write bugs in Apache Commons Configuration. These bugs could allow unauthenticated attackers to cause a denial-of-service (DoS) condition. Patches for all vulnerabilities are included in Confluence Data Center and Server versions 8.9.3, 8.5.11 (LTS), and 7.19.24 (LTS).
Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited
The Microsoft Outlook security defect (tracked as CVE-2024-30103) allows attackers to bypass Outlook registry block lists and create malicious DLL files. The Morphisec researchers who discovered the bug consider it critical and warned that attackers might soon start exploiting it as it does not require user interaction. The cybersecurity firm noted that "Execution initiates when an affected email is opened. This is notably dangerous for accounts using Microsoft Outlook's auto-open email feature. This Microsoft Outlook vulnerability can be circulated from user to user and doesn't require a click to execute." The company advised users to update their Outlook clients as soon as possible. Microsoft also released patches for over a dozen remote code execution vulnerabilities, including a critical-severity flaw in Microsoft Message Queuing. IT managers can utilize their IT asset management tools to identify unpatched or vulnerable systems.
Patch Tuesday: Remote Code Execution Flaw in Microsoft Message Queuing
Microsoft recently advised Windows administrators to prioritize patches for a critical remote code execution vulnerability in the Microsoft Message Queuing (MSMQ) software. The vulnerability (tracked as CVE-2024-30080) has a CVSS severity score of 9.8/10. It can be exploited by an attacker sending specially crafted malicious MSMQ packets to an MSMQ server, resulting in remote code execution. The company also released patches for over 51 security defects across a range of Windows OS, components and services. A company's IT asset management tools can be used to easily identify unpatched or vulnerable systems.
Details of Atlassian Confluence RCE Vulnerability Disclosed
Successful exploitation of the vulnerability requires that the attacker has the privileges required for adding new macro languages, and to upload a malicious language file. According to Atlassian, the issue was introduced in Confluence version 5.2.