Ivanti warns of critical vTM auth bypass with public exploit

August 13, 2024 at 11:31AM Ivanti urged customers to patch critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances. The flaw, tracked as CVE-2024-7593, allows remote unauthenticated attackers to create rogue administrator accounts. Ivanti advises restricting access to vTM management interface and upgrading to the latest patched versions to mitigate the risk. Key … Read more

Microsoft, Late to the Game on Dangerous DNSSEC Zero-Day Flaw

June 13, 2024 at 10:42AM Microsoft released a patch for a serious denial-of-service (DoS) vulnerability in the Domain Name System Security Extensions (DNSSEC) protocol. The vulnerability (CVE-2023-50868) affects multiple vendors and projects, including Unbound, BIND, dnsmasq, and PowerDNS. Despite patches being released earlier by other vendors, Microsoft issued a fix only recently, making it a … Read more