• Help Net Security

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024- ... Read more

• TheCyberThrone

Ivanti has released trove of security updates  as part of November 2024 security advisoryIvanti Endpoint ManagerThe most critical vulnerability, CVE-2024-50330 with a CVSS score of 9.8, is a SQL injec ... Read more

• Cybersecurity News

Ivanti has released urgent security updates to address a range of vulnerabilities, including critical remote code execution (RCE) flaws, in its Connect Secure, Policy Secure, and Secure Access Client ... Read more

• Cybersecurity News

Software company Ivanti has released urgent security updates for its Endpoint Manager to address a range of vulnerabilities, including several that could allow for remote code execution (RCE).The vuln ... Read more

• Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its Known Exploited Vulnerabilities (KEV) catalog, following confirmed reports of active exploita ... Read more

• Cybersecurity News

Reverse Shell - Running as root User | Image: Richard WarrenIvanti has addressed a critical remote code execution (RCE) vulnerability affecting its Connect Secure and Policy Secure products, as report ... Read more

• Cybersecurity News

Image: The Shadowserver FoundationEnterprise security firm Proofpoint has issued a critical warning regarding active exploitation attempts against Synacor’s Zimbra Collaboration platform. A recently d ... Read more

• Cybersecurity News

A discovered zero-day vulnerability is putting Microsoft Office users at risk. Security researcher Metin Yunus Kandemir recently published the technical details and a proof-of-concept (PoC) exploit th ... Read more

• Cybersecurity News

Successfully exploiting using Burp | Image: Horizon3The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability ... Read more

• Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited security vulnerability impacting Ivanti Virtual Traffic Manager (vTM), a ... Read more

• Cybersecurity News

The latest vulnerability disclosure identifies a significant security flaw in the Microchip Advanced Software Framework (ASF), specifically within its tinydhcp server implementation. This vulnerabilit ... Read more

• Cybersecurity News

Authenticated Command Injection | Image: Horizon3.aiA proof-of-concept (PoC) exploit for CVE-2024-8190, an exploited OS command injection vulnerability in Ivanti Cloud Services Appliance, is now publi ... Read more

• Help Net Security

CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in ... Read more

• TheCyberThrone

The US CISA adds two vulnerabilities to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitationThe first vulnerability tracked as CVE-2024-43461, Microsoft Windows MSH ... Read more

• Cybersecurity News

A significant security vulnerability has been discovered in AutoGPT, a powerful AI tool designed to automate tasks through intelligent agents. With over 166k stars on GitHub, AutoGPT has gained popula ... Read more

• Cybersecurity News

In a concerning development for call centers using VICIdial, a popular open-source contact center solution, two high-severity security vulnerabilities have been discovered that could lead to severe da ... Read more

• BleepingComputer

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. The ... Read more

• Cybersecurity News

IE and a promote window dialog appear when the victim double-clicks on the .url file | Image: Check PointIn an unexpected turn of events, Microsoft has revised its September 2024 Patch Tuesday securit ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-202 ... Read more

• TheCyberThrone

The US CISA added Ivanti vulnerability tracked as CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitationThe vulnerability affects Ivanti Cloud Servic ... Read more

• The Hacker News

Enterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity ... Read more

• Cybersecurity News

A high-severity vulnerability (CVE-2024-8190) in Ivanti Cloud Services Appliance (CSA) is under active exploitation, prompting an urgent directive from the U.S. Cybersecurity and Infrastructure Securi ... Read more

• TheCyberThrone

SolarWinds has released patches for two vulnerabilities affecting their Access Rights Manager (ARM) software, that have the potential to compromise the security of networks utilizing ARM, with impacts ... Read more

• TheCyberThrone

Apache OFBiz has got a security update for a flaw CVE-2024-45195 with a CVSS score of 7.5 that  allows attackers to bypass authorization checks and execute arbitrary code on the server, even without v ... Read more

• TheCyberThrone

Palo Alto released patches to address several vulnerabilities discovered in their products, if exploited, could allow unauthorized access, data breaches, and disruption of services.A range of vulnerab ... Read more

• TheCyberThrone

GitLab has released critical security patches for its Community Edition (CE) and Enterprise Edition (EE) that could allow an attacker to execute arbitrary code.Vulnerability detailsCVE-2024-6678 with ... Read more

• Help Net Security

Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-4 ... Read more

• Cybersecurity News

Palo Alto Networks, a leading cybersecurity solutions provider, has recently released a critical security advisory, urging its customers to take immediate action to address several vulnerabilities dis ... Read more

• TheCyberThrone

Ivanti fixed a critical vulnerability in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core serverThe vulnerability tracked as CVE-2024-29847 with ... Read more

• security.nl

Een kritieke kwetsbaarheid in Ivanti Endpoint Manager maakt het mogelijk voor ongeauthenticeerde aanvallers om servers op afstand over te nemen, wat grote gevolgen voor organisaties kan hebben. Ivanti ... Read more

• Help Net Security

Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code ... Read more

• The Hacker News

Enterprise Security / Vulnerability Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in ... Read more

• Cybersecurity News

A critical vulnerability has been discovered in HPE HP-UX’s Network File System (NFSv4), leaving systems open to potential denial-of-service (DoS) attacks. This vulnerability, tracked as CVE-2024-4250 ... Read more

• BleepingComputer

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. Ivanti EPM helps admin ... Read more

• Cybersecurity News

Ivanti has released a series of critical updates for its widely used Ivanti Endpoint Manager (EPM), addressing several vulnerabilities that pose significant security risks to organizations. The most s ... Read more