The UK’s National Cyber Security Centre (NCSC) and its US counterpart have issued an urgent advisory to Ivanti customers after discovering two critical vulnerabilities, one of which is actively exploited. Read on to see how the Ivanti Zero-Day Vulnerability was exploited. Details of how the Ivanti Zero-Day Vulnerability was exploited Ivanti released a security advisory … Read more
The Cybersecurity and Infrastructure Security Agency (CISA) on Jan. 7 added three bugs to its Known Exploited Vulnerabilities (KEV) catalog, two that affected the Mitel MiCollab communications and collaboration platform, and an Oracle WebLogic Server bug from 2020. Of the two Mitel MiCollab bugs, the most serious of the two — CVE-2024-41713 — was assigned … Read more
The Cybersecurity and Infrastructure Security Agency (CISA) on Nov. 7 warned that attackers are exploiting a Palo Alto Expedition missing authentication vulnerability that lets threat actors with network access takeover an Expedition admin account and access configuration secrets and credentials. Expedition is a Palo Alto migration tool that lets security teams convert firewall configurations from … Read more
Four vulnerabilities in SAP, D-Link, DrayTek and Motion Spell products were added to the Known Exploited Vulnerabilities (KEV) catalog Monday by the Cybersecurity & Infrastructure Security Agency (CISA) The vulnerabilities, most of which are several years old, pose risks including privilege escalation and remote command execution. Due to targeting of these flaws by threat actors, … Read more
