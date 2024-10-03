Open in App
  • Local
  • U.S.
  • Election
  • Politics
  • Sports
  • Lifestyle
  • Education
  • Real Estate
  • Newsletter
    • TechRadar

    US government flags major Ivanti security flaw, so patch now

    By Sead Fadilpašić,

    1 days ago

    https://img.particlenews.com/image.php?url=011fmN_0vt1tt6t00

    The US Cybersecurity and Infrastructure Security Agency (CISA) has added a known Ivanti bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling that it’s being actively abused in the wild.

    The bug that was just added is an SQL Injection vulnerability , found this spring in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 and prior. It grants an unauthenticated attacker within the same network the ability to run arbitrary code. It is tracked as CVE-2024-29824, and has a severity score of 9.6 (critical).

    Federal agencies now have three weeks to apply the patch, or stop using the product altogether - and organizations in the private sector should take note, too.

    Renewed commitment to security

    Ivanti Endpoint Manager (EPM) is a software solution designed for IT asset management, offering tools to manage, secure, and troubleshoot endpoints like desktops, laptops, and mobile devices across an organization. It helps automate patching, software distribution, and inventory control, and supports Windows, macOS, Chrome OS, and different IoT operating systems.

    The company says it patched the vulnerability in May 2024, together with five other RCE flaws. It, too, recently confirmed observing attacks in the wild: "At the time of this update, we are aware of a limited number of customers who have been exploited," the company concluded.

    Ivanti is a major technology provider in the B2B sector, with over 40,000 customers globally, and clients spanning various industries, including government, healthcare, education, financial services, and more. These organizations use Ivanti's solutions for IT management, security, and asset management, and as such, they are a major target for cybercriminals.

    In recent years, Ivanti has been at the center of much controversy, since many of its products were found to be severely flawed. In response, Ivanti CEO Jeff Abbott issued an open letter to customers and partners in April 2024, promising a renewed commitment to security.

    Via BleepingComputer

    More from TechRadar Pro

    Expand All
    Read in NewsBreak
    Comments /
    Add a Comment
    YOU MAY ALSO LIKE
    Local News newsLocal News
    DDoS attacks can be amplified by CUPS flaw
    TechRadar22 hours ago
    Adobe Commerce and Magento stores facing attack from dangerous malware
    TechRadar1 day ago
    C-level executives are a weak point for cybersecurity
    TechRadar2 days ago
    ‘I never use theirs’: Walmart worker issues warning to customers about using the bathrooms
    NewsNinja2 days ago
    Linux systems are being hit by a wide-ranging and dangerous new malware
    TechRadar1 day ago
    Earth Will Have a "Second Moon" for 57 Days: What does this mean?
    M Henderson20 hours ago
    ‘It’s just liquid Tylenol’: Pharmacist warns against new PainQuil, calls it a ‘scam medication’
    NewsNinja9 days ago
    5 of the best apps for mapping your run
    TechRadar1 day ago
    Ross shopper says the worker checked her receipt at the door and went through her bag.
    NewsNinja3 days ago
    Order Free COVID-19 Tests at the End of September
    Alameda Post9 days ago
    Report says 7 California cities make the top 10 for most expensive to cool home in America
    The HD Post16 days ago
    Generative AI and ChatGPT are making their way to your Samsung TV
    TechRadar1 day ago
    Man Sentenced to 4+ Years for Checks Stolen from U.S. Mail
    Morristown Minute2 days ago
    Alameda PostCast for October 4, 2024
    Alameda Post23 hours ago
    Fentanyl-meth combo ravages homeless in Denver, so why aren't there better treatments?
    David Heitz27 days ago
    6.6 Magnitude Earthquake Strikes Off the Coast of Canada, Felt in Washington State
    Bellingham Metro News18 days ago
    Android 16 could let you lock your phone down even tighter with new security features
    TechRadar1 day ago
    Armed Robbery of USPS Mail Carrier: Two Charged
    Morristown Minute11 days ago
    Walmart shopper issues warning on why you should wash your new clothes before you wear them
    NewsNinja2 days ago
    New law allows tenants to report on-time rent payments to help credit score
    The HD Post11 days ago
    NYT Strands today — hints, answers and spangram for Friday, October 4 (game #215)
    TechRadar1 day ago
    An Annular Solar Eclipse Happens October 2, 2024
    M Henderson3 days ago
    Octopus Arcade Stick review: a premium fight stick with versatility to match
    TechRadar2 hours ago
    Aurora homeless encampments getting bigger, official says
    David Heitz20 days ago
    This beautiful and well-priced turntable from a vinyl great looks like seriously tempting spinner
    TechRadar2 days ago
    Hisense’s small 4K laser projector can go up to 300 inches, plus has 120Hz support and JBL sound
    TechRadar1 day ago
    Hacker made millions from breaking into business Office 365 accounts
    TechRadar2 days ago
    This Is Why Idaho Is The State People Are Least Likely To Move Away From
    Shop with Me Mama17 days ago
    Colombian Citizen Guilty of Importing Cocaine to US
    Morristown Minute2 days ago
    Silent Hill 2 review: a stylish remake, but not definitive
    TechRadar1 day ago

    Comments / 0

    Community Policy