CISA demands patching for crucial Ivanti security vulnerability. | CybSec Wizard

Cyber Security Wizard

Wizardry for Cyber

Cyber Security Wizard

TLDR:

CISA issued advisory for critical Ivanti vulnerability, encouraging patching
RCE vulnerability in Ivanti Standalone Sentry could allow threat actors control of affected systems

CISA has urged organizations to address a critical remote code execution (RCE) vulnerability in Ivanti Standalone Sentry. This vulnerability, tracked at CVE-2023-41724, allows threat actors to execute arbitrary commands on the operating system of the appliance within the same network. Despite no known exploitation of this vulnerability at the time of disclosure, the severity score of 9.6 out of 10.0 highlights the importance of patching.

The issue follows previous security concerns with Ivanti systems, including the compromised CISA systems in February due to hackers exploiting Ivanti VPN vulnerabilities. With the increased risk posed by these vulnerabilities, CISA has been taking proactive measures to ensure the security of federal civilian agencies, including emergency directives and temporary disconnection of Ivanti Connect Secure VPNs.

It is crucial for organizations to stay updated with Ivanti advisories, apply necessary updates, and consider discontinuing the use of widely exploited Ivanti VPNs to mitigate the risk of cyber threats.

Post Views: 94

Adrian Johnson

Latest from Blog

Snowflake debuts MFA with 14-character passwords for added security

TLDR: Snowflake has rolled out MFA by default on its platform alongside 14-character passwords. This move comes after a series of high-profile third-party hacks on Snowflake customers. According to a recent article

CISA’s Election Infrastructure Cybersecurity Checklist: Essential Preventive Measures Covered

Article Summary TLDR: The CISA cybersecurity checklist provides standard preventive measures for election infrastructure. It covers basics such as MFA, segmenting, backups, and email protections. CISA has released a new cybersecurity checklist

Apple iOS 18 drops with patches for 32 security problems

TLDR: Apple has released iOS 18, addressing 32 security vulnerabilities. Vulnerabilities in Siri, Safari Private Browsing, and other components were fixed. Apple has released iOS 18, addressing a total of 32 security

Iranian ambassador injured in cyber attack on Hezbollah fighters: Reuters

TLDR: Thousands of Hezbollah fighters and medics were injured by exploding pagers in Lebanon. Lebanon blamed Israel for the explosions, which caused chaos and panic across the country. Thousands of members of

2024 Onyxia Cyber SC Award Winners – Recognize Excellence

TLDR: Onyxia Cyber has won the Best Emerging Technology award at the 2024 SC Awards for its innovative Cybersecurity Management Platform, powered by AI and machine learning. The platform offers real-time assessments,

2024 SC Award Winners: SlashNext, Best Secure Messaging Solution

TLDR: SlashNext won the Best Secure Messaging Solution award at the 2024 SC Awards. Their platform uses Next Gen AI to provide real-time protection against various forms of cyber fraud. In the

Shining light on cyber defense with identity illumination

Article Summary TLDR: Identity is the new perimeter in cybersecurity Organizations need to focus on identity visibility for stronger cyber defense Identity is the new perimeter in cybersecurity, as organizations shift towards

NVD battles against CVE backlog as attackers evolve their tactics

TL;DR: As the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) faces a backlog in processing vulnerabilities, attackers are changing tactics to exploit lesser-known vulnerabilities. The backlog is partially

Google Chrome levels up with ML-KEM for ultimate cybersecurity

TLDR: Google Chrome is switching from KYBER to ML-KEM for post-quantum cryptography defense. The changes are set to take effect in Chrome version 131 in early November 2024. Google has announced the

Level up your cybersecurity with the Updated NIST Framework

TLDR: The NIST Cybersecurity Framework has been updated to reflect the evolving role of technology infrastructure on organizational objectives. The new version, CSF2, includes a function focused on governance and a dedicated