Mandiant Updates Guidance for Protecting Against Ivanti Vulnerabilities
Image source: Shutterstock Following its disclosure of two new zero-days Jan 31, Ivanti too has updated its mitigation file. Customers who applied previous mitigation would need re-apply it to address new flaws. Google’s Mandiant security group has released updated guidance for Ivanti customers looking to remediate or harden their Ivanti Connect Secure (formerly Pulse Secure) […]
Read MoreCritical Vulnerability in Jenkins CLI Could Enable Remote Code Execution
Image source: Shutterstock CVE-2024-23897 is the most serious of 12 vulnerabilities that the Jenkins team disclosed on Jan 24. The Jenkins infrastructure team has issued a patch for a critical remote code execution vulnerability in the widely used open-source automation technology for building, testing and deploying application software. CVE-2024-23897 is an arbitrary file read vulnerability […]
Read MoreCVE-2024-0204 in GoAnywhere MFT is a Ticking Time Bomb
Image source: Shutterstock More than 96% of GoAnywhere MFT assets that security vendor Tenable observed on Jan 23 were vulnerable. Mass attacks could soon begin against a critical authentication bypass flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) technology following the release of a proof-of-concept exploit for it this week. Fortra informed customers privately about […]
Read MoreChina’s UTA0178 Threat Group Backdoors 2,100 Ivanti VPN Appliances Via Recently Disclosed 0-Days
- Editor DTI
- January 18, 2024
- cve-2023-46805
- cve-2024-21887
- ivanti
- uta0178
- vpn
Image Source: Shutterstock Attacker stealing sensitive system data, tampering with built-in Integrity Check to hide signs of malicious activity. Multiple threat actors have joined Chinese advanced persistent threat group UTA0178 in targeting two recently disclosed zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances following the public release of a proof-of-concept exploit for the flaws […]
Read MoreLockBit Ransomware Operators Targeting CitrixBleed in Coordinated Attacks
Image source: Shutterstock China’s ICBC, Boeing, Australian logistics giant DP World, major law firm among known victims so far; More than 5,000 organizations worldwide remain unpatched and vulnerable to CVE-2023-4966 Multiple LockBit ransomware operators are apparently working in a coordinated manner to break into major organizations via “CitrixBleed” (CVE-2023-4966) a critical vulnerability in several versions […]
Read MorePatch for Cisco Zero Day Bug to Become Available Oct. 22
Image source: Shutterstock Company’s investigation shows attackers actually leveraged two previously unknown bugs, not one, as assumed. There are two important new developments around CVE-2023-20198, the widely exploited zero-day bug in the web UI of Cisco’s IOS EX software. Two 0-Day Bugs, Not One The first is, Cisco’s investigation into the recent widespread attacks targeting […]
Read MoreCisco Recommends Orgs Apply Access Lists to HTTPS Server Feature in IOS XE to Mitigate New 0-Day Threat
Image source: : Shutterstock One security vendor says adversary has used bug to infect thousands of IOS XE devices with an implant for remote code execution. Organizations can protect against the zero-day bug that Cisco disclosed in its IOS XE operating system Monday by restricting access to its HTTP Server feature from untrusted hosts and […]
Read MorePatch Now: Atlassian Discloses Zero-Day Bug in Confluence Data Center and Server
Image Source: Shutterstock Several customers have reported attackers exploiting the vulnerability to create unauthorized Confluence administrator accounts and to access Confluence instances, company says. Atlassian wants organizations using its on-premises Confluence Data Center and Server content collaboration software to immediately update to new versions that the company released today to address a critical privilege escalation […]
Read MoreCISA Adds Critical TeamCity Flaw to Known Exploited Vulnerabilities Catalog
Image source: Shutterstock Move follows reports this week of threat actors actively exploiting the flaw in ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed authentication bypass flaw in the JetBrains TeamCity CI/CD platform (CVE-2023-42793) to its catalog of known exploited vulnerabilities (KEV). The move follows recent reports about […]
Read MoreHere’s What You Need to Know About the Severe “Looney TUNABLES” Vuln in Multiple Linux Distros
Image source: Shutterstock CVE-2023-4911 is a local privilege escalation flaw that gives attackers a way to gain root access on versions of Debian, Fedora, Ubuntu and other Linux distributions using the glibc library. Millions of Linux systems running default installations of certain versions of Debian, Fedora, Ubuntu—and likely other distributions using the GNU C Library […]
Read More