Ivanti has released the following three security advisories addressing vulnerabilities in multiple products.
Security Advisory Ivanti Avalanche (Multiple CVEs) – Q4 2024 Release Ivanti Avalanche is a mobile device management solution and is used to remotely manage, deploy software, and schedule updates for enterprise mobile devices. Successful exploitation of five of the vulnerabilities could lead to denial-of-service (DoS) and one vulnerability could lead to information disclosure. All are rated with a CVSSv3 score of 7.5. Ivanti reports there is no known exploitation of these vulnerabilities.
Read more…
Source: NHS Digital
Related:
- Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134)
June 3, 2022
On June 2, Volexity reported that over Memorial Day weekend, they identified suspicious activity on two internet-facing servers running Atlassian’s Confluence Server application. After analysis of the compromise, Volexity determined the initial foothold was the result of a remote code execution vulnerability in Confluence Server and Data Center. The details were reported to Atlassian on ...
- Fake Windows exploits target infosec community with Cobalt Strike
May 24, 2022
A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Whoever is behind these attacks took advantage of recently patched Windows remote code execution vulnerabilities tracked as CVE-2022-24500 and CVE-2022-26809. When Microsoft patches a vulnerability, it is common for security researchers to analyze the fix and release proof-of-concept ...
- Microsoft patches the patch that broke Windows authentication
May 20, 2022
Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update. Elizabeth Tyler, cyber security consultant on Microsoft’s Detection and Response Team, confirmed the fix to worried administrators early this morning. Multiple administrators complained last week that after installing the May 10 patch, they experienced authentication failures ...
- Protecting Android users from 0-Day attacks
May 19, 2022
To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks. This blog is a follow up to our July 2021 post on four 0-day vulnerabilities we discovered in 2021, ...
- Apple emergency update fixes zero-day used to hack Macs, Watches
May 16, 2022
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. Zero-days are security flaws that the software vendor is unaware of and hasn’t yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch arrives ...
- Microsoft: May Windows updates cause AD authentication failures
May 12, 2022
Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. This comes after Windows admins started sharing reports of some policies failing after installing this month’s security updates with “Authentication failed due to a user credentials mismatch. Either the user name provided does ...