IT Management | Breaking Cybersecurity News | The Hacker News

As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has become more critical than ever, organizations find themselves caught in a difficult balancing act. They are struggling to manage the rising costs and complexities of business continuity and disaster recovery (BCDR) while ensuring that their business-critical data remains secure and recoverable. To help IT teams and managed service providers (MSPs) understand how their peers are navigating these challenges, the State of Backup and Recovery Report 2025 has gathered insights from more than 3,000 IT professionals, security experts and administrators worldwide. The report reveals how businesses are tackl...

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991 , is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data. "SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability," the company said in an advisory. "If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution." Security researcher Piotr Bazydlo of the Trend Micro Zero Day Initiative (ZDI) has been credited with discovering and reporting the flaw on May 24, 2024. The ZDI, which has assigned the shortcoming a CVSS score of 9.9, said it exists within a class called JsonSerializationBinder and stems from a lack of proper validation of user...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  three security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914  (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891  (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability CVE-2022-28810  (CVSS score: 6.8) - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability The most critical of the three is  CVE-2022-35914 , which concerns a remote code execution vulnerability in the third-party library htmlawed present in  Teclib GLPI , an open source asset and IT management software package. The exact specifics surrounding the nature of attacks are unknown, but the Shadowserver Foundation in October 2022  noted  that it has seen exploitation attempts against its honeypots. Since then, a cURL-based one...

Just as you were getting comfortable with Windows 7, Windows 8 seems to be on the horizon for the next two years. Celebrating the one-year anniversary of Windows 7— the fastest-selling OS in history—Microsoft's Dutch website briefly mentioned its successor: "Microsoft is on course for the next version of Windows. But it will take about two years before 'Windows 8' hits the market." Winrumors.com translated and captured this post, and CNET took a screenshot of the text, which unsurprisingly disappeared after making headlines. Now, Microsoft is back to being tight-lipped about Windows 8 and its expected release. Reports from last year suggested Microsoft was developing a 128-bit version of its OS, likely to be Windows 8. Recently, NetworkWorld obtained over 15 confidential slide decks detailing possible features, including body-sensing technology similar to the Xbox Kinect, a desktop app store like Apple's forthcoming Mac App Store, near-instant CPU b...