Industry News Roundup
Industry News - Jan 2025
Patch Alert: Remotely Exploitable LDAP Flaws in Windows
"A remote unauthenticated attacker who successfully exploited this vulnerability would gain the ability to execute arbitrary code within the context of the LDAP service. It managers can use their IT asset management solutions to scan for and identify any unpatched systems.
New Critical Microsoft Windows Warning As 3 Zero-Day Attacks Underway
In the latest Patch Tuesday security patches Microsoft has released fixes for nearly 160 vulnerabilities, 12 which are critical with eight zero-days; three of which are currently known to be under active exploitation. according to Microsoft. Tyler Reguly, associate director of security research and development at Fortra noted that This is definitely one of those months where admins need to step back, take a deep breath, and determine their plan of attack. The three zero days vulnerabilities bring exploited are classified as CVE-2025-21335, CVE-2025-21333 and CVE-2025-21334. They impact Hyper-V which is described by one researcher as being heavily embedded in modern Windows 11 operating systems and used for a range of security tasks including device guard and credential guard, which are listed as elevation of privileges issues. Consequently, patching these vulnerabilities should be at the top of the list for patching this month. IT professionals can utilize their IT asset management tools to identify vulnerable or unpatched systems.
CISA: Hackers Still Exploiting Older Ivanti Bugs to Breach Networks
The vulnerabilities involved in these attacks include an admin authentication bypass patched in September, and a remote code execution bug also patched tin September). Two other bugs, an SQL injection and a remote code execution vulnerability were both remediated in October. All four bugs have been tagged as exploited in zero-day attacks. CISA added them to its Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their appliances. In order to t thwart any attacks targeting users systems, the federal agencies "strongly encourage" all network administrators to upgrade their appliances to the latest supported Ivanti CSA version.
Ivanti Patches Critical Vulnerabilities in Endpoint Manager
The January 2025 security updates also resolve 12 high-severity defects that could lead to remote code execution (RCE), denial-of-service (DoS), and escalation of privilege, some of which could be exploited remotely without authentication. Ivanti also issued patches for a high-severity race condition issue in Application Control Engine that could allow attackers to bypass the application blocking functionality. The company Irecommends that all customers update their Application Control instances to versions 2024.3 HF1, 2024.1 HF4, and 2023.3 HF3. Ivanti also noted that fixes will not be released for Application Control Module for Security Controls. It recommends that customers migrate to Application Control or Neurons for App Control.
Poor Patching Regime Is Opening Businesses To Serious Problems
As security teams are faced with an increasing number of identified vulnerabilities, vulnerability remediation is slowing at many organizations. According to an analysis by S&P Global Ratings, nearly 75% of organizations are either occasionally or infrequently remediating the vulnerabilities that affect their systems. Paul Alvarez, lead cyber risk expert at S&P Global Ratings said that Our analysis suggests that some organizations that we rate may be slow to remediate highly targeted cyber vulnerabilities, increasing the risk that computer systems could be compromised. The analysis, found that 30% of organizations remediated these vulnerabilities occasionally. CIO s concerned with identifying existing unpatched vulnerabilities can utilize the data from their IT asset management solution to pinpoint at risk devices.
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
Identity risks, data security risks and third-party risks are all made exacerbated by SaaS sprawl. Each new SaaS account adds a new identity that should be secured and represents a new source of third-party risk. This growing attack surface, much of which is unmanaged in most organizations, becomes an attack surface and becomes an attractive target for cyber-criminals. Data from Nudge Security indicates that the average employee creates a new SaaS account about every two weeks. That constitutes 200 new SaaS accounts per month for an organization with 100 employees. Each one of these SaaS identities expands the organization's attack surface and creates a new avenue for sensitive data to be stolen. Only a solution that can deliver continuous SaaS discovery along with just-in-time prompts can help CIOs to take appropriate steps to secure their accounts and combat this new form of shadow IT.
Industry News - Dec 2024
Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application
Ivanti recently announced patches for over ten vulnerabilities in its products. The patches addressed five critical-severity bugs in Cloud Services Application, Connect Secure, and Policy Secure. The most severe of these vulnerabilities is CVE-2024-11639, having a CVSS score of 10/10, which involved an authentication bypass affecting the Cloud Services Application (CSA) secure communication solution. The flaw allows remote, unauthenticated attackers to access CSA with administrative privileges affecting the administrator web console of the enterprise solution. The admin web console was also vulnerable to a command injection bug and an SQL injection defect, that could enable remote attackers with administrative privileges and the ability to execute arbitrary code or run arbitrary SQL statements. The companyaddressed all three flaws in CSA version 5.0.3 and has credited CrowdStrike for finding and reporting them. Users are advised to update their appliances as soon as possible.
Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day
Microsoft recently issued patches for over 70 documented security defects and called urgent attention to a zero-day vulnerability in the Windows Common Log File System (CLFS). The CLFS vulnerability has been actively exploited in the wild and carries a CVSS severity score of 7.8/10. According to the company, the CLFS driver flaw allows attackers to gain SYSTEM privileges through a heap-based buffer overflow. Microsoft warned that successful exploits require no user interaction and low privileges to execute. There have been at least 25 documented vulnerabilities in CLFS over the last five years. Earlier this year, Microsoft said it was developing a major new security mitigation to thwart a surge in cyberattacks targeting the Windows CLFS. IT managers can utilize the information from their IT asset management tools to identify vulnerable systems.
Adobe Patches Over 160 Vulnerabilities Across 16 Products
Adobe s recent patch release addresses over 160 vulnerabilities across 16 products. Approximately 90 of the vulnerabilities were patched in Adobe Experience Manager. The majority have a medium-severity CVSS score and allow arbitrary code execution. Some can be exploited to bypass security features. Adobe patched over 20 vulnerabilities in Connect. Several involved critical and high-severity issues that can be exploited for arbitrary code execution and privilege escalation. Several security holes were resolved in Adobe Animate. All of them are described as critical issues with high severity CVSS scores that can lead to arbitrary code execution. Vulnerable systems can be identified using the data generated by an IT asset management tool set.
CISOs Still Cautious About Adopting Autonomous Patch Management Solutions
Recently cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included several that dated back over ten years. Outside of that list list are regularly unpatched aging vulnerabilities going back as far as 2017. Experts say that or autonomous firmware and software patch management applications should be part of a CISO s toolkit. According to a recent Forrester Research survey CISOs are still cautious about adopting autonomous solutions. Just over a quarter of 510 security decision-makers said their organization currently uses a patch management solution. A third said they are willing to buy such a solution. Erik Nost, a Forrester senior analyst, explained the reluctance to adopt automated patching to the Fear of breaking something if an untested patch is installed. Nonetheless, CISO s can utilize the software information generated by an IT asset management tool to identify unpatched devives.
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
Microsoft's December 2024 Patch Tuesday security update includes over 70 patches. The most prominent patch addresses a Windows zero-day security vulnerability under active exploit. The company included CVEs in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager. Out of this month's CVEs, 16 are rated as critical. This month s patch Tuesday brings the total number of patches for the year to 1,020, the second-most voluminous year for fixes after 2020's 1,250. CIUO s are reminded that their IT asdset management system can pinpoint vulnerable and unpatched systems.
FTC Orders Marriott and Starwood To Implement Strict Data Security
The establishment and implementation of a comprehensive information security program that encompasses encryption, access controls, multi-factor authentication, vulnerability management, and incident response plans. A key part of vulnerability management is maintaining a comprehensive inventory of all IT assets. A robust IT asset management tool is a key part of vulnerability management.
Beware Of Shadow AI Shadow IT s Less Well-Known Brother
Shadow IT is a well-documented problem in the cybersecurity industry. Employees use of unsanctioned systems and software as a workaround to bypass official IT processes and restrictions can result in a number of problems for the corporation. With AI tools becoming available for virtually every business use case or function, employees are now using unsanctioned or unauthorized AI tools and applications. This action, without the knowledge or approval of IT or security teams, creates a new phenomenon known as Shadow AI. It is estimated that half to three quarters of employees are using non-company issued AI tools. Consequently, a visibility problem emerges. Companies do not know what is happening on their own networks. A robust IT asset management toolset can provide information on Shadow IT and SAI applications and pinpoint the systems on which they are installed.
Industry News - Nov 2024
CISOs Who Delayed Patching Palo Alto Vulnerabilities Now Face Real Threat
The company patched the vulnerabilities in October of 2024. CISA put CISOs who ignored the previous warnings on notice that their systems are now under threat. The vulnerabilities enable the theft of usernames, cleartext passwords and more. IT professionals can utilize the information from their IT asset management tools to identify unpatched instances of software.
November 2024 Patch Tuesday Patches Four Zero Days And Three Critical Flaws
After warning users about five zero-day vulnerabilities in October, Microsoft s November s Patch Tuesday update has identified another four from a total haul of nearly 90 CVEs. In terms of priorities, admins will want to start by patching the two zero days that are being actively exploited before moving on to three other vulnerabilities rated critical , plus one that is rated important . The first exploited zero day enables an attacker to elevate their privileges from an AppContainer. The second exploited zero day, has a hash disclosure flaw in the now deprecated NTLMv2 that affects all versions of Windows going back to Windows Server 2008. IT and security professionals can use their IT asset management tools to identify unpatched instances of the software.
NIS 2 Directive - ITAM's Important Role in a Ransomware Response Plan
ITAM professionals have the data on all the IT assets in a company at their fingertips. They know which users have which assets and can quickly help the cyber security staff to identify the scope of a potential attack. ITAM teams can also ensure end users can gain access to functioning endpoints in the event of an attack that renders other endpoints unusable. They also have access to the software installed on users systems, who has access to download licenses and software packages, and can coordinate blocking access to infected files. An ITAM program includes the responsibility for sourcing equipment and tracking its use. Consequently, an ITAM plan to respond to a ransomware attack is critical. That plan should determine how to get a ransomware-impacted workforce up and running after devices are impacted.
Industry News - Oct 2024
Microsoft Reveals Bad News For 70% Of Windows Users Upgrade Warning Gets Worse
XDA Developers has suggested that using unsupported hardware on Windows 11 is only going to get more miserable. This should be another warning for Windows 10 holdouts that Microsoft is unlikely to soften its position. IT managers can use their IT asset management tools to plan the transition and identify systems not compatible with Windows 11.
AI Adoption Drives Unmanageable Spike In Cloud Costs
According to a recent report by Tangoe, AI adoption is resulting in a serious spike in cloud costs. To develop the report, the technology expense management solution provider surveyed 500 IT and finance professionals responsible for enterprise cloud cost management. It found that overall cloud costs increased an average of 30% in the last year. Fifty percent of respondents noted that spending on AI applications was a top driver for growing cloud spend. Nearly seventy five percent of respondents said the AI resulted in unmanageable cloud bills. To constrain costs, IT professionals can utilize their IT asset management tools to identify duplicate, under-utilized or unauthorized clous services.
Building A Stronger Business With G-A-V: A Framework for Technology Upgrades and Trends
IT asset management is a key tool in implementing a GAV framework. The data reported by the solution provides a current inventory of hardware and software assets, identifies obsolete systems and highlights areas of potential cost savings.
Kaspersky s US Customers Receive Ultraav Swap, Raising Red Flags
Followimng the US government s ban on Kaspersky Lab products, some users reported that the antivirus software was replaced without notice by UltraAV , about which little is known. Earlier in 2024, citing national security risks, the US government prohibited the sale of Kaspersky products in the US. Consequently, Kaspersky notified its US employees that it would begin winding down its operations in the US starting in July. According to UltraAV s website, Kaspersky partnered with UltraAV to ensure continued service for its US customers. However, according to The Register, UltraAV has not undergone testing by the Anti-Malware Testing Standards Organization (AMTSO). A third-party test is scheduled for later this year. Security software vendors are not obligated to have their products independently tested. However, in such a trust-driven industry, such assessments can be considered essential. IT managers concerned about having unknown or untested applications on their networks can utilize their IT asset management tools to identify such software.
Application Detection and Response Is the Gap-Bridging Technology We Need
The concept of detection and response is a core part of the NIST Cybersecurity Framework (CSF) and a should be a fundamental part of any sound cybersecurity program. IT pros must be able to detect threats and malicious activity and respond to them, regardless of where they occur. That can be a real challenge for the current detection and response processes. Most detection and response tools focus on endpoints, networks, servers, but leave one large gap: applications. That gap is now increasingly being targeted, with the increased role applications play in malicious activity. The latest Verizon Data Breach Investigations Report (DBIR) pointed out that application vulnerability exploitation grew 180% over the previous year. Verizon stated that vulnerability exploitation now accounts for one-third of all incidents recorded in the DBIR. Security and IT professionals can utilize their IT asset management toolset to identify applications with known vulnerabilities that reside on their networks.
Ivanti Warns Customers of More CSA Zero-Days Exploited in Attacks
Ivanti recently announced patches for CVE-2024-8190. This is a CSA vulnerability that enables attackers with elevated privileges to achieve remote code execution. Shortly after the patch was released it came to light that threat actors had been combining it with a vulnerability tracked as CVE-2024-8963 used to bypass authentication and be able to exploit CVE-2024-8190. Ivanti subsequently announced that CVE-2024-8963 has been chained with other CSA vulnerabilities as well to target a limited number of its customers. The company noted that three new flaws tracked as CVE-2024-9379, CVE-2024-9380 and CVE-2024-9381 have been chained with CVE-2024-8963. CVE-2024-9381 is a high-severity path traversal issue that enables a remote and authenticated attacker with administrator privileges to bypass restrictions. CVE-2024-9380 is a high-severity OS command injection bug allowing remote code execution. CVE-2024-9379 is a medium-severity SQL injection that enables an authenticated attacker with admin privileges to run arbitrary SQL commands.
Microsoft Confirms Exploited Zero-Day in Windows Management Console
Microsoft recently issued an urgent warning regarding an actively exploited code execution vulnerability in a Windows component used for system configuration and monitoring. The zero-day, tagged as CVE-2024-43572, is documented as a remote code execution issue in Microsoft Management Console (MMC). The company warned that attackers are usinmg malicious Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. This is the 23rd time this year Microsoft needed to respond to zero-day exploitation before the availability of patches. The October patches also cover critical-severity flaws in the Visual Studio Code extension for Arduino, the Remote Desktop Protocol Server, and the Microsoft Configuration Manager. Microsoft also identified CVE-2024-43573 for urgent attention, stating that a flaw in the Windows MSHTML platform is included in the exploitation detected category. IT managers can identify vulnerable and unpatched systems using their IT asset management tools.
Executives Worry Over Aging IT Systems
According to a recent Kyndryl report corporate IT modernization initiatives are often threatened by aging infrastructure and systems without technical support. The IT services firm surveyed over 3,000 C-suite executives and aggregated anonymized customer data. Ninety percent of executives said their company s technology is best-in-class, however over sixty percent acknowledged that outdated systems present a major concern. According to Michael Bradshaw, Kyndryl s SVP and global practice leader for applications, data and AI, if a company lacks comprehensive IT asset and configuration management, locating tech debt is a challenge. He noted that It s almost like an archeological dig. You don t know where the problems are unless you stub your toe on something that s reached end-of-support.
Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products
Apple is currently making patches to iOS 18.1 and iPadOS 18.1 available to to mobile users with patches for over 25 vulnerabilities that could result in information leaks, the disclosure of process memory, denial-of-service, sandbox escape, modification of protected system files, heap corruption, and access to restricted files. The flaws were resolved with improved authentication, checks, logic, input validation, handling of content, memory management, private data redaction, state management, and file and memory handling. Resolutions for nearly 60 security defects were resolved with the recent macOS Sequoia 15.1 update. Those patches addressed 15 issues that were also addressed in iOS and several flaws in third-party dependencies. IT managers can identify unpatched systems using their IT asset managment tools.