Collaborate Disseminate
Cyber threats are advancing quickly in size and sophistication, largely because of the rapid evolution of technology, increasing sophistication of cyber attackers, and the expansion of attack surfaces through interconnected systems and devices, accordi… Continue reading CISOs must shift from tactical defense to strategic leadership
Although the goals and challenges of IT and security professionals intersect, 72% report security data and IT data are siloed in their organization, which contributes to corporate misalignment and elevated security risk, according to Ivanti. Leadership… Continue reading Widespread data silos slow down security response times
Easterly, Krebs and others discuss Ivanti breach, expiring legal protections for companies that share threat data with feds, and JCDC progress.
The post Current, former government cyber officials tout industry collaboration advancements appeared first on CyberScoop.
Continue reading Current, former government cyber officials tout industry collaboration advancements
Ivanti has released product updates to resolve multiple vulnerabilities, including critical code execution flaws in Endpoint Manager.
The post Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager appeared first on SecurityWeek.
Continue reading Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager
Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability’s reporter. About CVE-2024-22026 Ivanti Endpoint Manager Mobile (formerly Mo… Continue reading PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)
The thunderstorms of April patches have passed, and it has been pretty calm leading up to May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out to be a busy one with 150 new CVEs addressed by Microsoft. There were 91 CVEs fixed in Windows 10, 69 … Continue reading May 2024 Patch Tuesday forecast: A reminder of recent threats and impact
MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect Secure VPN ap… Continue reading MITRE breach details reveal attackers’ successes and failures
MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.
The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek.
Continue reading MITRE Hack: China-Linked Group Breached Systems in December 2023
MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware inf… Continue reading MITRE breached by nation-state threat actor via Ivanti zero-days
The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauth… Continue reading Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)