Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication.
The issue, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the CVSS scoring system.
“An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti
The Hacker News – Read More
Post Content
darkreading – Read More
Post Content
darkreading – Read More
An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a previously undocumented backdoor called Zardoor.
Cisco Talos, which discovered the activity in May 2023, said the campaign has likely persisted since at least March 2021, adding it has identified only one compromised target to date, although it’s
The Hacker News – Read More
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild.
The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands.
“A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially
The Hacker News – Read More
Quantum computing is very much a mixed blessing.
Latest stories for ZDNET in Security – Read More
The use of QR codes to deliver malicious payloads jumped in Q4 2023, especially against executives, who saw 42 times more QR code phishing than the average employee.
darkreading – Read More
Tabletop exercises can be an effective and affordable way to test an organization’s defense and response capabilities against cyberattack.
darkreading – Read More
Trying to decide between LastPass Free and Premium? This comparison guide highlights the features and benefits of each plan to help you make an informed decision.
Security | TechRepublic – Read More