Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » A critical vulnerability in the Ivanti Cloud Appliance is being used in active cyber attacks
Global Security

A critical vulnerability in the Ivanti Cloud Appliance is being used in active cyber attacks

AdminBy AdminSeptember 20, 2024No Comments2 Mins Read
Active Cyberattacks
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


September 20, 2024Ravi LakshmananEnterprise Security / Network Security

Active cyber attacks

Ivanti has revealed that a critical security flaw affecting the Cloud Service Appliance (CSA) is being exploited in the wild.

The new vulnerability, assigned CVE ID CVE-2024-8963, has a CVSS score of 9.4 out of a maximum of 10.0. This was “incidentally resolved” by the company as part of CSA 4.6 Patch 519 and CSA 5.0.

“Passing the path in Ivanti CSA prior to 4.6 Patch 519 allows a remote, unauthenticated attacker to gain access to limited functionality,” the company said in a statement. said in Thursday’s newsletter.

He also noted that the deficiency may be associated with CVE-2024-8190 (CVSS score: 7.2), which allows an attacker to bypass administrator authentication and execute arbitrary commands on the device.

Cyber ​​security

Ivanti also warned that it is “aware of a limited number of customers who have been exploited by this vulnerability,” days after it disclosed active attempts to exploit CVE-2024-8190.

This indicates that the threat actors behind this activity are combining dual vulnerabilities to achieve code execution on vulnerable devices.

My development prompted US Cybersecurity and Infrastructure Security Agency (CISA). to add vulnerability to its known vulnerabilities used (KEV) catalog that requires federal agencies to apply the corrections by October 10, 2024.

Users are strongly encouraged to upgrade to CSA version 5.0 as soon as possible, as version 4.6 has reached end of life and is no longer supported.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025

Researchers find a way to close Cryptominer companies using bad stocks and Xmrogue

June 24, 2025

APT28 uses signal chat to expand malicious Beardhell ​​and Testament software in Ukraine

June 24, 2025

Talk CTEM we all need

June 24, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025

Researchers find a way to close Cryptominer companies using bad stocks and Xmrogue

June 24, 2025

APT28 uses signal chat to expand malicious Beardhell ​​and Testament software in Ukraine

June 24, 2025

Talk CTEM we all need

June 24, 2025

Hackers operate incorrectly configured API Docker to hand over cryptocurrency via Tor Network

June 24, 2025

US House forbids WhatsApp on official security and protection devices

June 24, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Microsoft extends Windows 10 security updates on one year with new enrollment options

June 25, 2025

The new visa rule in the US requires from applicants to set privacy in social media for the public

June 24, 2025

Hackers focus on over 70 Microsoft Exchange servers to steal credentials via Keyloggers

June 24, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.