IT Management | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  three security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914  (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891  (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability CVE-2022-28810  (CVSS score: 6.8) - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability The most critical of the three is  CVE-2022-35914 , which concerns a remote code execution vulnerability in the third-party library htmlawed present in  Teclib GLPI , an open source asset and IT management software package. The exact specifics surrounding the nature of attacks are unknown, but the Shadowserver Foundation in October 2022  noted  that it has seen exploitation attempts against its honeypots. Since then, a cURL-based one-line proof of concept (PoC) has been made a

Just as you were getting comfortable with Windows 7, Windows 8 seems to be on the horizon for the next two years. Celebrating the one-year anniversary of Windows 7— the fastest-selling OS in history—Microsoft's Dutch website briefly mentioned its successor: "Microsoft is on course for the next version of Windows. But it will take about two years before 'Windows 8' hits the market." Winrumors.com translated and captured this post, and CNET took a screenshot of the text, which unsurprisingly disappeared after making headlines. Now, Microsoft is back to being tight-lipped about Windows 8 and its expected release. Reports from last year suggested Microsoft was developing a 128-bit version of its OS, likely to be Windows 8. Recently, NetworkWorld obtained over 15 confidential slide decks detailing possible features, including body-sensing technology similar to the Xbox Kinect, a desktop app store like Apple's forthcoming Mac App Store, near-instant CPU booting, and a focus on powe

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.