Tag: Vulnerabilities

The vendor disclosed that some customers have been attacked through exploitation of the newly discovered flaws in its Cloud Service Appliance. Ivanti disclosed Tuesday that some customers have been attacked through exploitation of three newly discovered vulnerabilities in its Cloud Service Appliance (CSA) gateway. The vendor said the flaws have been exploited in conjunction with…

Read More

CISA urges organizations to address the remote code execution vulnerability affecting Ivanti EPM. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) Wednesday urged organizations to prioritize patching for a previously disclosed, critical-severity vulnerability affecting Ivanti Endpoint Manager, which has now seen exploitation in attacks. The remote code execution (RCE) flaw in the product, also known…

Read More

A critical-severity flaw in Nvidia Container Toolkit and GPU Operator impacts AI applications and more than a third of cloud environments, according to Wiz researchers. A recently discovered critical-severity Nvidia vulnerability poses a “serious risk” for the security of data, according to researchers that uncovered the issue. The flaw (tracked at CVE-2024-0132) impacts Nvidia Container…

Read More

‘All versions of Red Hat Enterprise Linux (RHEL) are affected by [the vulnerabilities] but are not vulnerable in their default configurations,’ the IBM-owned company said. Red Hat warned Thursday that four newly discovered vulnerabilities — which are rated as “important” and affect all versions of Enterprise Linux — could enable remote execution of code. “All…

Read More

The vendor disclosed that a ‘limited’ number of customers have been attacked through exploits of the flaw affecting its Cloud Service Appliance. Ivanti disclosed Thursday it’s aware of attacks against some customers through exploitation of a newly discovered, critical-severity vulnerability affecting its Cloud Service Appliance (CSA) gateway. It’s the second flaw in Ivanti’s CSA gateway…

Read More

The flaw had received a fix during Microsoft’s ‘Patch Tuesday’ update on Sept. 10, but had not initially been listed as exploited in attacks. A Microsoft Windows vulnerability with a rating of “high” severity has been acknowledged as having seen exploitation in cyberattacks, after initially being listed by the tech giant as unexploited upon its…

Read More

‘CloudImposer could have allowed attackers to conduct a massive supply chain attack by compromising the Google Cloud Platform’s Cloud Composer service for orchestrating software pipelines,’ says Tenable security researcher Liv Matan. Google has patched a critical security flaw inside its Google Cloud Platform Composer tool that could have enabled hackers to achieve remote execution on…

Read More

The high-severity flaw in Ivanti’s Cloud Service Appliance (CSA) can be used to enable remote execution of code, the vendor says. Ivanti said Friday that a previously disclosed vulnerability in its Cloud Service Appliance (CSA) gateway has now seen exploitation by threat actors. As of Ivanti’s disclosure Friday, attacks exploiting the high-severity flaw had only…

Read More

‘We’re not sure why they don’t list [the vulnerability] as being under active attack, but you should treat it as though it were,’ writes Trend Micro’s Dustin Childs. Microsoft’s monthly release of security fixes addresses five zero-day vulnerabilities that are seeing active exploitation, despite the company only listing four zero days in its disclosure Tuesday,…

Read More

The vulnerability in the vendor’s SonicOS firmware affects a wide array of SonicWall firewalls. A critical-severity vulnerability affecting a wide array of SonicWall firewalls has been exploited by threat actors to deploy ransomware, according to security researchers. The access control flaw (tracked at CVE-2024-40766) impacts firewalls running multiple versions of the vendor’s SonicOS firmware—SOHO (Gen…

Read More