CyberSecurity updates
Updated: 2024-10-15 16:23:50 Pacfic

Flag This

do son @ Cybersecurity News

Critical Vulnerabilities in Ivanti Products - Urgent Patching Needed - 3d


Read more: securityonline.info

Multiple Ivanti products are affected by critical vulnerabilities, including Ivanti Endpoint Manager Mobile (EPMM), Ivanti Cloud Service Application (CSA), Ivanti Velocity License Server, Ivanti Connect Secure, Policy Secure, and Ivanti Avalanche. Attackers can exploit these vulnerabilities to gain unauthorized access, execute commands, or compromise system integrity, posing significant risks to organizations. CVE-2024-7612, impacting Ivanti EPMM, allows local authenticated attackers to access or modify sensitive configuration files due to incorrect permission assignment, while vulnerabilities CVE-2024-9379 and CVE-2024-9380 affecting Ivanti CSA enable remote authenticated attackers with admin privileges to execute arbitrary SQL statements and commands, respectively.

References:

  • Malware Analysis, News and Indicators - GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems - 6d
  • Security Boulevard - GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems - 6d
  • SCM feed for Security Strategy, Plan, Budget - GoldenJackal threat group targets air-gapped government systems - 6d
  • Malware Analysis, News and Indicators - Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. - 6d
  • Malware Analysis, News and Indicators - This article discusses the vulnerabilities patched in Microsoft's October 2024 Patch Tuesday, including the two actively exploited zero-days. - 6d
  • Cyble - Cyble provides detailed information about the vulnerabilities in Ivanti products, including CVE-2024-7612, CVE-2024-9379, CVE-2024-9380, and more. - 3d
  • www.ivanti.com - Ivanti's official blog post addresses vulnerabilities affecting Ivanti Cloud Service Application (CSA) and other products, emphasizing the importance of updating to the latest versions. - 3d
  • ciso2ciso.com - This article mentions the active exploitation of vulnerabilities in Ivanti CSA. - 2d
  • Vulnerability Archives - This news article provides details about the sophisticated cyberattack targeting the Ivanti CSA. - 2d
  • @jos1264 - Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited – Source:thehackernews.com - 2d
  • www.fortinet.com - Fortinet's blog post about the vulnerabilities, including details on the attack chain, exploited vulnerabilities, and impact. - 1h

Classification:

  • HashTags: #IvantiVulnerability #Cybersecurity #PatchManagement
  • Company: Ivanti
  • Target: Ivanti Products
  • Product: Ivanti Endpoint Manager Mobile (EPMM) Ivanti Cloud Service Application (CSA) Ivanti Velocity License Server Ivanti Connect Secure Policy Secure and Ivanti Avalanche
  • Feature: Vulnerabilities
  • Type: Vulnerability
  • Severity: Major






This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts here if you have feedback. You can also find Flathis at Mastodon.