TLDR: Cyber authorities in the U.S. and Australia have issued warnings that threat actors are finding ways to get around some mitigations put in place by Ivanti for its Connect Secure and Policy Secure Gateways. Ivanti has also discovered two new vulnerabilities in these devices. The vulnerabilities are CVE-2024-21888, which affects Policy Secure, and CVE-2024-21893, which affects supported versions of Connect Secure and Policy Secure Gateways. Ivanti has released a patch to address these vulnerabilities and is recommending that customers factory reset their appliances before applying the patch as an extra precaution. Threat actors have reportedly developed workarounds to some mitigation and detection methods, leading to ongoing exploitation activities. Cyber authorities are advising organizations to investigate and monitor systems for potential compromise.
Beware Ivanti mitigations breached by clever threat actors | IT World Canada News
Latest from News
CISA alert: Watch your credentials in FY23 risk assessment
TLDR: CISA warns about the risk of credential access in FY23 risk & vulnerability assessment IBM’s X-Force Threat Intelligence Index 2024 also identifies credential
Stay safe online AARP Virginia Fraud Alert: Cyber Security Awareness
TLDR: Key Points: October is National Cybersecurity Awareness Month Important tips to stay safe online include using strong passwords, enabling multi-factor authentication, updating software,
Aussie Cyber Pros Reveal Rising Stress Levels
TLDR: Australian cybersecurity professionals are facing increased job stress due to a complex threat landscape, low budgets, and hiring challenges. The industry prefers candidates
Proxy statements: Boards’ AI and cyber-security oversight, forecasting ahead
TLDR: Proxy statements have evolved from compliance documents to key tools for communicating with shareholders. Ron Schneider from Donnelley Financial Solutions discusses best practices
Businesses taking action against cyber threats: PwC shows readiness
TLDR: Organisations are taking action towards cyber resilience, with 77% expecting their cyber budget to increase over the coming year. PwC’s survey highlighted that