Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

October 8, 2024 at 01:15PM Ivanti has warned about three new security vulnerabilities in its Cloud Service Appliance (CSA) actively exploited in the wild. The zero-day flaws, when combined with a previously patched flaw, can allow attackers to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution. The company advises taking measures to …

Ivanti Warns of Second CSA Vulnerability Exploited in Attacks

September 20, 2024 at 04:36AM Ivanti announced the exploitation of two vulnerabilities in its Cloud Services Appliance (CSA): CVE-2024-8190 and CVE-2024-8963. The flaws allow unauthorized access and arbitrary command execution on devices. CSA 4.6 Patch 519 and CSA 5.0 address the vulnerabilities, with the latter recommended due to the end of life for 4.6. CISA …

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

September 20, 2024 at 01:33AM Ivanti disclosed active exploitation of a critical security flaw in Cloud Service Appliance (CSA), with remote unauthenticated attacker access. The vulnerability, CVE-2024-8963, carries a CVSS score of 9.4 and can be combined with CVE-2024-8190 for arbitrary command execution. CSA 4.6 Patch 519 and CSA 5.0 address the issue. CISA has …

Ivanti warns of another critical CSA flaw exploited in attacks

September 19, 2024 at 02:45PM Ivanti warns of ongoing exploitation of a Cloud Services Appliance (CSA) vulnerability, CVE-2024-8963, allowing remote attackers to access restricted functions. Attackers also exploit CVE-2024-8190 to bypass admin authentication and execute arbitrary commands. Ivanti advises immediate patching and emphasizes the end-of-life status of Ivanti CSA 4.6. Federal agencies are mandated to …

Ivanti CSA Vulnerability Exploited in Attacks Days After Disclosure

September 16, 2024 at 05:27AM Exploitation of the Ivanti Cloud Service Appliance (CSA) vulnerability CVE-2024-8190 began shortly after the vendor released patches. The high-severity flaw enables unauthorized access and remote code execution, affecting certain versions of the CSA. Ivanti has addressed the issue in Patch 519 and CSA 5.0, but noted limited customer exploitation. CISA …

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

September 14, 2024 at 12:39AM Ivanti disclosed an actively exploited high-severity vulnerability (CVE-2024-8190) in its Cloud Service Appliance, impacting version 4.6, prompting customers to upgrade to version 5.0. The company noted confirmed exploitation in the wild targeting a limited number of customers and urged federal agencies to apply fixes by October 4, 2024. Additionally, a …

Ivanti warns high severity CSA flaw is now exploited in attacks

September 13, 2024 at 01:40PM Ivanti has confirmed the active exploitation of a high severity vulnerability in its Cloud Services Appliance solution. Ivanti confirmed on Friday a high severity vulnerability in its Cloud Services Appliance (CSA) solution that is currently being actively exploited in …

CSA Updates Cloud Security Certificate, Training

July 19, 2024 at 08:28AM The Cloud Security Alliance released CCSK v5, a comprehensive cloud security training and certificate for security professionals. It covers topics like incident response, data encryption, and application security. The program complements other education and provides in-depth information on cloud architecture, workloads, AI, and more. The exam is 120 minutes long …

10 Essential Processes for Reducing the Top 11 Cloud Risks

March 6, 2024 at 10:02AM The cloud security landscape continues to evolve, with the Cloud Security Alliance (CSA) highlighting 11 key threats and recommended defenses. Issues like misconfigurations and inadequate change control continue to challenge organizations. Effective strategies include building a robust identity program and investing in threat hunting, emphasizing the need for proactive measures …