Tag: ivanti
-
Updates dringend notwendig – Ivanti veröffentlicht Security Advisory für kritische Sicherheitslücken
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-ivanti-cloud-services-appliance-a-a4099c534e081d4a2668d56045d7b5cb/
-
CVE-2024-9381 Ivanti CSA Security Vulnerability October 2024
A critical vulnerability (CVE-2024-9381) in Ivanti’s Cloud Services Appliance allows attackers to bypass security measures and execute arbitrary code. Affected Platform CVE-2024-9381 impacts Ivanti’s Cloud Services Appliance (CSA), a critical component used in secure remote access for enterprise environments, affecting CSA versions prior to the latest patch. Ivanti CSA provides a secure bridge for cloud……
-
Ivanti CSA bugs leveraged in suspected nation-state attack
First seen on scworld.com Jump to article: www.scworld.com/brief/ivanti-csa-bugs-leveraged-in-suspected-nation-state-attack
-
Vulnerability Recap 10/15/24 Patch Tuesday Posts 117 Vulnerabilities
We take a look at the past week’s exploited vulnerabilities, including previous Ivanti and Veeam flaws, and also cover critical Patch Tuesday fixes. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/vulnerability-recap-october-15-2024/
-
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws
Suspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access to a targeted system. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/serious-adversaries-circle-ivanti-csa-flaws
-
U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog
Tags: cisa, cloud, cve, cybersecurity, exploit, fortinet, infrastructure, ivanti, kev, service, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Last week, Ivanti warned of three new security vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) in its Cloud Service Appliance (CSA)…
-
Nation-state actor exploited three Ivanti CSA zero-days
An alleged nation-state actor exploited three zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) in recent attacks. Fortinet FortiGuard Labs researchers warn that a suspected nation-state actor has been exploiting three Ivanti Cloud Service Appliance (CSA) zero-day issues to carry out malicious activities. The three vulnerabilities exploited by the threat actor are: “an advanced adversary…
-
Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks
Fortinet believes state-sponsored threat actors are behind the recent attacks involving exploitation of Ivanti CSA zero-days. The post Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ivanti-csa-zero-day-exploitation-attributed-to-state-sponsored-hackers/
-
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions.That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to…
-
Suspected Nation-State Adversary Exploits Ivanti CSA in a Series of Sophisticated Attacks
Fortinet’s FortiGuard Labs recently released a detailed analysis of a sophisticated cyberattack targeting the Ivanti Cloud Services Appliance (CSA). The attackers, suspected to be a nation-state actor, exploited a chain... First seen on securityonline.info Jump to article: securityonline.info/suspected-nation-state-adversary-exploits-ivanti-csa-in-a-series-of-sophisticated-attacks/
-
Trio of Ivanti CSA zero-day vulnerabilities under exploit threat
The latest round of exploitation follows more than three weeks of CVE disclosures involving various Ivanti products.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ivanti-zero-day-vulnerabilities-exploitation/729354/
-
CISA Adds Fresh Ivanti Vuln, Critical Fortinet Bug To Hall Of Shame
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36454/CISA-Adds-Fresh-Ivanti-Vuln-Critical-Fortinet-Bug-To-Hall-Of-Shame.html
-
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame
Usual three-week window to address significant risks to federal agencies applies First seen on theregister.com Jump to article: www.theregister.com/2024/10/10/cisa_ivanti_fortinet_vulns/
-
U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Fortinet addressed a critical flaw in FortiOS, tracked as CVE-2024-23113 (CVSS score 9.8). The issue if…
-
CISA Warns of Fortinet Ivanti Vulnerabilities Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, fortinet, infrastructure, ivanti, kev, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti. These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action to mitigate potential threats. Fortinet Multiple Products Format String Vulnerability CVE-2024-23113 Fortinet’s suite of […]…
-
CISA Added Fortinet Ivanti Vulnerabilities that Exploited in the Wild
Tags: cisa, cve, cyber, cybersecurity, exploit, fortinet, infrastructure, ivanti, kev, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti. These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action to mitigate potential threats. Fortinet Multiple Products Format String Vulnerability CVE-2024-23113 Fortinet’s suite of […]…
-
Attacks involving critical Ivanti CSA bugs underway
First seen on scworld.com Jump to article: www.scworld.com/brief/attacks-involving-critical-ivanti-csa-bugs-underway
-
New Ivanti CSA Bugs are Enabling Further Attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/new-ivanti-csa-bugs-are-enabling-further-attacks
-
Ivanti zero-day vulnerabilities exploited in chained attack
The new exploit chains targeting Ivanti Cloud Service Application customers are connected to a previously disclosed critical path traversal flaw, CVE-2024-8963. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366613041/Ivanti-zero-day-vulnerabilities-exploited-in-chained-attack
-
3 More Ivanti Cloud Vulns Exploited in the Wild
The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor’s Cloud Services Appliance (CSA). First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/three-more-ivanti-cloud-vulns-exploited
-
Ivanti CSA Customers Targeted in New Zero Day Attacks
Attackers Chain Three Security Flaws with Patched Admin Bypass Vulnerability. Internet appliance maker Ivanti warned customers Tuesday that attackers are actively exploiting new vulnerabilities in Cloud Services Appliance instances by chaining three security flaws with a zero-day patched in September. The company advised customers to update to version 5.0. First seen on govinfosecurity.com Jump to…
-
Ivanti stopft ausgenutzte Sicherheitslücken und mehr
Ivanti aktualisiert mehrere Software-Pakete. Darunter CSA, die bereits attackiert wird, oder Connect Secure mit kritischen Lecks. First seen on heise.de Jump to article: www.heise.de/news/Ivanti-stopft-ausgenutzte-Sicherheitsluecken-und-mehr-9974839.html
-
Three CSA Zero-Days Are Being Exploited in Attacks
Ivanti’s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ivanti-three-csa-zerodays/
-
Three new Ivanti CSA zero-day actively exploited in attacks
Software company Ivanti released security patches for three new CSA zero-day vulnerabilities actively exploited in attacks. Ivanti warned of three new security vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) in its Cloud Service Appliance (CSA) that are actively exploited in attacks in the wild. Below are the descriptions of the three vulnerabilities: Threat actors are chaining these…
-
Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/08/cve-2024-9379-cve-2024-9380-cve-2024-9381/
-
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said.Successful exploitation of these vulnerabilities could allow an authenticated First…
-
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-warns-of-three-more-csa-zero-days-exploited-in-attacks/
-
Update auf CSA 5.0 notwendig – Mehrere Sicherheitslücken bei Ivanti sind Ziel von Cyberattacken
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-ivanti-cloud-services-appliance-a-a4099c534e081d4a2668d56045d7b5cb/
-
Ivanti warns critical flaws in Endpoint Manager exploited in the wild
First seen on scworld.com Jump to article: www.scworld.com/news/ivanti-warns-critical-flaws-in-endpoint-manager-exploited-in-the-wild
-
Ivanti Confirms Exploitation of an Old Critical Vuln
Remote Code Execution Bug Exploited in Limited Attacks. Ivanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endpoint Manager enabling remote code execution, despite the company addressing the issue with a patch in May. The flaw allows unauthenticated attackers within the same network to execute arbitrary code. First seen on govinfosecurity.com…