Over 5,300 GitLab servers exposed to zero-click account takeover attacks

January 24, 2024 at 01:01PM
Over 5,300 GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw that lets attackers reset passwords and take over accounts. The flaw does not bypass 2FA, but it poses a significant risk to accounts without it. ShadowServer identifies vulnerable servers in the U.S., Germany, Russia, and other countries, urging immediate patching and …

Ivanti: VPN appliances vulnerable if pushing configs after mitigation

January 22, 2024 at 01:27PM
Ivanti advises administrators to refrain from pushing new device configurations to appliances after applying mitigations, as doing so renders them defenseless against ongoing attacks exploiting two zero-day vulnerabilities. There have been large-scale attacks targeting Ivanti ICS and IPS appliances, with companies issuing mitigation measures and recovery instructions. Thousands of exposed appliances …

CISA emergency directive: Mitigate Ivanti zero-days immediately

January 19, 2024 at 02:30PM
CISA issued an emergency directive to address widespread exploitation of Ivanti Connect Secure and Ivanti Policy Secure flaws by threat actors. Federal agencies must immediately implement mitigation measures, report indications of compromise, and take action to restore impacted appliances. A threat monitoring service has detected compromised Ivanti appliances being used for …