Ivanti warns of maximum severity CSA auth bypass vulnerability
Ivanti warned customers on Tuesday about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. [...]
Romania’s election systems targeted in over 85,000 cyberattacks
A declassified report from Romania's Intelligence Service says that the country's election infrastructure was targeted by more than 85,000 cyberattacks.…
Bypass Bug Revives Critical N-Day in Mitel MiCollab
A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there's a workaround.
Exploit released for critical WhatsUp Gold RCE flaw, patch now
A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it…
Salt Typhoon Builds Out Malware Arsenal With GhostSpider
The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end…
MITRE shares 2024’s top 25 most dangerous software weaknesses
MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000…
CISA warns of more Palo Alto Networks bugs exploited in attacks
CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited…
The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance
by Gary S. Miliefsky, CISSP, fmDHS I came up with this model to simplify cybersecurity, resiliency and regulatory compliance for…
Unpatched Mazda Connect bugs let hackers install persistent malware
Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021),…
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws
Suspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access…