Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application

December 11, 2024 at 06:19AM Ivanti announced patches for 11 vulnerabilities, including five critical-severity bugs affecting Cloud Services Application, Connect Secure, and Policy Secure. Notably, CVE-2024-11639, with a CVSS score of 10, allows authentication bypass. Users are urged to update their systems. No evidence of exploitation has been reported. ### Meeting Takeaways 1. **Ivanti Vulnerability … Read more

Microsoft 365 outage takes down Office web apps, admin center

December 10, 2024 at 07:48AM Microsoft is currently investigating a significant and ongoing outage affecting Microsoft 365, specifically impacting Office web apps and the Microsoft 365 admin center. **Meeting Takeaways: Microsoft 365 Outage Investigation** 1. **Current Situation**: Microsoft is currently investigating a widespread outage affecting Microsoft 365 services. 2. **Impact**: The outage primarily impacts Office … Read more

Open Source Security Priorities Get a Reshuffle

December 6, 2024 at 10:07AM The latest “Census of Free and Open Source Software” highlights the rising significance of open source components, especially in Python and cloud connectivity. The report emphasizes the need for better funding and maintenance to enhance software security, as reliance on aging, unpaid developers poses sustainability challenges for critical software ecosystems. … Read more

AWS Rolls Out Updates to Amazon Cognito

November 26, 2024 at 02:38PM Amazon Web Services updated Amazon Cognito, enhancing identity and access management capabilities for developers. Key features now include passwordless login options, a streamlined developer console, and tiered pricing (Lite, Essentials, Plus) based on user needs. Enhanced security features are available in the higher tiers, excluding AWS GovCloud regions. ### Meeting … Read more

Big Rewards Offered in Dedicated Google Cloud Bug Bounty Program

October 21, 2024 at 08:40AM Google Cloud’s new Vulnerability Reward Program (VRP) covers over 460 products and services, with 140 eligible for top-tier bug bounty rewards, encouraging security researchers to identify and report vulnerabilities. **Meeting Notes Takeaways:** 1. **New VRP Launch**: Google Cloud has introduced a new Vulnerability Reward Program (VRP) that encompasses over 460 … Read more

3 More Ivanti Cloud Vulns Exploited in the Wild

October 9, 2024 at 03:06PM Ivanti has alerted customers to three new vulnerabilities in its Cloud Services Appliance (CVA) that are currently being exploited, alongside a previously disclosed zero-day vulnerability. The company advises users to review administrative access and EDR alerts, and recommends migrating to CSA version 5.0 if compromised. ### Meeting Takeaways: 1. **New … Read more

How to manage shadow IT and reduce your attack surface

September 23, 2024 at 10:19AM Employees increasingly turn to unauthorized IT solutions, known as “shadow IT,” to improve productivity, posing security and compliance risks. This involves using unapproved devices, software, and services. To manage these risks, strategies include identifying root causes, educating employees, establishing clear policies, and leveraging technology tools. Adopting External Attack Surface Management … Read more

Ivanti warns high severity CSA flaw is now exploited in attacks

September 13, 2024 at 01:40PM Ivanti has confirmed the active exploitation of a high severity vulnerability in its Cloud Services Appliance solution. Based on the meeting notes, it is important to note that Ivanti confirmed on Friday a high severity vulnerability in its Cloud Services Appliance (CSA) solution that is currently being actively exploited in … Read more

New Go-based Backdoor GoGra Targets South Asian Media Organization

August 7, 2024 at 06:57AM An unnamed media organization in South Asia was targeted using a previously undocumented Go-based backdoor called GoGra, which utilizes the Microsoft Graph API for C&C purposes. Other new malware families have employed similar techniques, suggesting that threat actors are increasingly utilizing legitimate cloud services for low-key operations. Based on the … Read more

Microsoft Azure outage takes down services across North America

August 5, 2024 at 05:08PM Microsoft successfully resolved a two-hour Azure outage that disrupted multiple services in North and Latin America. Based on the meeting notes, the key takeaway is that Microsoft has successfully mitigated an Azure outage that affected multiple services for customers across North and Latin America, lasting more than two hours. Full … Read more