Users of Citrix Workspace App are advised to update due to two privilege escalation flaws. Cloud Software Group disclosed vulnerabilities (CVE-2024-7889 & CVE-2024-7890) in the Windows app, allowing attackers to gain high-level access.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-14 06:06:562024-09-14 06:06:56Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild.
The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances.
“An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-14 05:08:522024-09-14 05:08:52Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-14 02:06:412024-09-14 02:06:41Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-14 01:07:032024-09-14 01:07:03Kubernetes attacks are growing: Why real-time threat detection is the answer for enterprises
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-13 21:07:262024-09-13 21:07:26Port of Seattle refuses to pay Rhysida ransom, warns of data leak
In the wake of the devastating CrowdStrike meltdown earlier this year, Microsoft convened a meeting with leaders from the endpoint security business. Did anything useful come of it?
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-13 21:07:262024-09-13 21:07:26At Microsoft’s security summit, experts debated how to prevent another global IT meltdown. Will it help?
Microsoft unveils Windows Agent Arena, a groundbreaking benchmark for testing AI agents on Windows, accelerating development of AI assistants that could revolutionize human-computer interaction.Read More
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-13 21:07:252024-09-13 21:07:25Microsoft’s Windows Agent Arena: Teaching AI assistants to navigate your PC
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-09-13 20:07:182024-09-13 20:07:18Fortinet Confirms Customer Data Breach via Third Party
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws
/in General NewsUsers of Citrix Workspace App are advised to update due to two privilege escalation flaws. Cloud Software Group disclosed vulnerabilities (CVE-2024-7889 & CVE-2024-7890) in the Windows app, allowing attackers to gain high-level access.
Cyware News – Latest Cyber News – Read More
Update: Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
/in General NewsTrend Micro researchers uncovered remote code execution attacks targeting Progress Software’s WhatsUp Gold using the vulnerabilities tracked as CVE-2024-6670 and CVE-2024-6671.
Cyware News – Latest Cyber News – Read More
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability
/in General NewsIvanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild.
The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances.
“An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows
The Hacker News – Read More
Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance
/in General NewsPost Content
The Record from Recorded Future News – Read More
Kubernetes attacks are growing: Why real-time threat detection is the answer for enterprises
/in General NewsOver the last year, 89% of enterprises experienced at least one container or Kubernetes security incident, making security a high priority.Read More
Security News | VentureBeat – Read More
Port of Seattle refuses to pay Rhysida ransom, warns of data leak
/in General NewsPost Content
The Record from Recorded Future News – Read More
At Microsoft’s security summit, experts debated how to prevent another global IT meltdown. Will it help?
/in General NewsIn the wake of the devastating CrowdStrike meltdown earlier this year, Microsoft convened a meeting with leaders from the endpoint security business. Did anything useful come of it?
Latest stories for ZDNET in Security – Read More
Microsoft’s Windows Agent Arena: Teaching AI assistants to navigate your PC
/in General NewsMicrosoft unveils Windows Agent Arena, a groundbreaking benchmark for testing AI agents on Windows, accelerating development of AI assistants that could revolutionize human-computer interaction.Read More
Security News | VentureBeat – Read More
Fortinet Confirms Customer Data Breach via Third Party
/in General NewsThe incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments.
darkreading – Read More
Apple Suddenly Drops NSO Group Spyware Lawsuit
/in General NewsApple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.
The post Apple Suddenly Drops NSO Group Spyware Lawsuit appeared first on SecurityWeek.
SecurityWeek – Read More