January 10, 2024 at 01:59PM Ivanti has disclosed two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure products. The CVE-2023-46805 flaw bypasses authentication, while CVE-2024-21887 allows arbitrary command execution. Chaining the two enables attackers to run commands without authentication. Ivanti is working on patches, with mitigation available until then. The company reports limited … Read more
November 20, 2023 at 10:09AM The US cybersecurity agency CISA has published a guidance document to help healthcare and public health organizations understand cyber threats and risks in their sector. The document incorporates vulnerability trends and provides recommendations on asset management, identity management, device security, patching, and vulnerability remediation. The agency emphasizes the need for … Read more
October 25, 2023 at 03:33AM Effective security patch management is crucial for enterprises to strengthen their defense against ransomware. With a large number of applications to manage and frequent patches being released by software vendors, IT teams need a risk-based approach to prioritize patching. Factors like relevance to the organization’s IT ecosystem, exploitation in the … Read more