CyberSecurityBoard
Sponsor Register Login

Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days

Social engineer reveals effective tricks for real-world intrusionsIn this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for gathering target information.
Understanding zero-trust design philosophy and principlesIn this Help Net Security interview, Phil Vachon, Head of Infrastructure in the Office of the CTO at Bloomberg, discusses the varying definitions of zero trust among security professionals and companies, emphasizing its broad design philosophy.
Embracing offensive cybersecurity tactics for defense against dynamic threatsIn this Help Net Security, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact on organizational security strategies.
In their latest publication, NIST researchers and their partners highlight these AI and machine learning vulnerabilities.
Microsoft fixes critical flaws in Windows Kerberos, Hyper-VFor January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700.
SEC's X account hacked to post fake news of Bitcoin ETF approvalSomeone has hijacked the X account of the US Securities and Exchange Commission, and posted an announcement saying the agency has decided to allow the listing of Bitcoin ETFs on registered national security exchanges.
Ivanti Connect Secure zero-days exploited by attackersTwo zero-day vulnerabilities in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered.
SQLi vulnerability in Cacti could lead to RCEA blind SQL injection vulnerability in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information disclosure and potentially remote code execution.
Critical Cisco Unity Connection flaw gives attackers root privileges.
Top 2024 AppSec predictionsIn this Help Net Security video, Shahar Man, CEO of Backslash Security, offers his top three AppSec predictions for 2024, uncovering future trends.
Top LLM vulnerabilities and how to mitigate the associated riskAs large language models become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive.
The growing challenge of cyber risk in the age of synthetic mediaIn this Help Net Security video, Mike Bechtel, Chief Futurist at Deloitte, discusses the digital risk of cyber-attacks from the proliferation of AI-generated content and synthetic media in our digital landscape.
The power of basics in 2024's cybersecurity strategiesIn this Help Net Security video, Nick Carroll, Cyber Incident Response Manager at Raytheon, discusses how while organizations will be challenged to strengthen their defenses faster than cyber threats are evolving, this 'come from behind' rush to keep pace with attackers can often lead to the harmful practice of organizations skipping the foundational basics of cyber defense and failing to establish a general sense of cyber awareness within the business.
Akira ransomware attackers are wiping NAS and tape backupsThe attackers pinpointed and targeted organizations with vulnerable internet-facing Cisco ASA or FTD devices and found and wiped target organizations' backups before deploying the ransomware.
Cloud security predictions for 2024As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it's evident that we're on the cusp of a paradigm shift in cloud security.
The expanding scope of CISO duties in 2024In this Help Net Security video, Bindu Sundaresan, Director at AT&T Cybersecurity, discusses the ongoing changes we'll see from the CISO role as digital transformation efforts continue.
Cyber budgets and the VC landscape in 2024In this Help Net Security video, Marcus Bartram, General Partner at Telstra Ventures, discusses his 2024 cybersecurity predictions.
Cyber threat actors are increasingly setting their sights on small businesses.
If successful, their attack attempts can be devastating.
New infosec products of the week: January 12, 2024Here's a look at the most interesting products from the past week, featuring releases from Critical Start, Dasera, ID R&D, and SpecterOps.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Sun, 14 Jan 2024 07:43:03 +0000


Cyber News related to Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days

Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
10 months ago Bleepingcomputer.com
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
11 months ago Unit42.paloaltonetworks.com
Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
11 months ago Bleepingcomputer.com
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
10 months ago Techtarget.com
Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
11 months ago Bleepingcomputer.com
Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
10 months ago Bleepingcomputer.com
Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
10 months ago Go.theregister.com
CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products - In an unprecedented move, the US government's cybersecurity agency CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. Within 48 hours, the agency said federal ...
10 months ago Securityweek.com
Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response ...
11 months ago Securityweek.com
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
9 months ago Techtarget.com
Two Ivanti Zero-Days Actively Exploited in the Wild - Ivanti customers have been urged to follow the security vendor's suggested workaround after it confirmed that two zero-day vulnerabilities in its Connect Secure and Policy Secure gateways are being actively exploited. Connect Secure is a VPN product ...
11 months ago Infosecurity-magazine.com
Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
11 months ago Techtarget.com
Ivanti Connect Secure zero-days exploited by attackers - Two zero-day vulnerabilities in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be ...
11 months ago Helpnetsecurity.com
China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
11 months ago Go.theregister.com
Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
10 months ago Cysecurity.news
More mass exploits hit the same buggy Ivanti devices The Register - All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over ...
10 months ago Go.theregister.com
Ivanti urges customers to patch yet another critical vulnerability - This vulnerability only affects a limited number of supported versions-Ivanti Connect Secure, Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read between the lines that there could be unsupported versions which will never see ...
10 months ago Malwarebytes.com
Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days - Social engineer reveals effective tricks for real-world intrusionsIn this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for ...
11 months ago Helpnetsecurity.com
CISA: Critical Ivanti auth bypass bug now actively exploited - CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile and MobileIron Core device management software is now under active exploitation. Tracked as CVE-2023-35082, the flaw is a remote unauthenticated API ...
11 months ago Bleepingcomputer.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
6 months ago Securityaffairs.com
Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet - Thousands of Ivanti VPN instances have been compromised across the globe in the last five days thanks to two serious, as yet unpatched zero-day vulnerabilities disclosed last week. Ivanti Connect Secure VPN is a virtual private network tool that ...
11 months ago Darkreading.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
11 months ago Techtarget.com
GitLab warns of critical zero-click account hijacking vulnerability - GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. The most critical security issue GitLab patched has the ...
11 months ago Bleepingcomputer.com
Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
11 months ago Techrepublic.com
Ivanti Vulnerability Exploited to Deliver New 'DSLog' Backdoor - A recently patched zero-day vulnerability in Ivanti enterprise VPNs has been exploited in attacks deploying a backdoor named 'DSLog', security services provider Orange Cyberdefense reports. The issue, tracked as CVE-2024-21893, is a server-side ...
10 months ago Packetstormsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)