Home
Our Services
Free resources
- Privacy Research
  Free to use data privacy research
  Key Capabilities
  Latest privacy news tracking
  Product versions
  Latest privacy news tracking
  Track the latest news, breaches and fines
  Key features
  Tracks the latest breaches and fines
  View by industry
  View by breach method
  View by privacy topic
  Links to original articles
  Free to use
  
  Learn more »
  Latest Threat Intelligence
  Product versions
  Latest Threat Intelligence
  Track the Common Vulnerability Exposures (CVEs)
  Key features
  Tracks the latest vulnerabilities
  View by company
  View by breach method
  Links to NVD
  Free to use
  
  Learn more »
  Breach modelling and ROI calculator
  Product versions
  Breach modelling and ROI calculator
  Model what a breach would look like for you in your industry and use this to calculate your return on investment
  Key features
  Model your breach
  Assess the severity
  Compare by industry
  Breakdown costs
  Export to your business plan
  Free to use
  
  Learn more »
Privacy news
Company
- About Us
- FAQ
- Contact Us

Multiple attacks force CISA to order agencies to upgrade or remove endoflife Ivanti appliance The Record from Recorded Future News

pppLeadershipppCybercrimeppNationstateppElectionsppTechnologyppCyber DailyppClick Here Podcastpp Free Newsletterpp The nations top cyber watchdogs urged federal agencies to either remove or upgrade an Ivanti appliance that is no longer being updated and has been exploited in attacks pp The technology company updated an advisory on Friday warning that a limited number of customers were breached through the exploitation of CVE20248190 pp The bug was announced on Tuesday and effects Ivantis Cloud Service Appliance CSA a tool that provides secure communication over the internet and acts as a center point for managed devices and central consoles are connected pp Exploitation of the bug which the Cybersecurity and Infrastructure Security Agency CISA confirmed on Friday as well gives hackers access to the device running the CSA pp The advisory notes that CSA 46 is endoflife and no longer receives patches for OS or thirdparty libraries pp Additionally with the endoflife status this is the last fix that Ivanti will backport for this version Customers must upgrade to Ivanti CSA 50 for continued support they said CSA 50 is the only supported version and does not contain this vulnerability Customers already running Ivanti CSA 50 do not need to take any additional action pp CISA ordered all federal civilian agencies to remove CSA 46 from service or upgrade to the 50 by October 4 pp Ivanti said users will know they are impacted by exploitation of the bug by looking to see if there are modified or newly added administrative users They also urged customers to check security alerts if they have certain security tools involved pp The issue arose one day after another Ivanti bug caused alarm among defenders The company pledged a security overhaul in April after a cascade of headlinegrabbing nationstate attacks broke through the systems of government agencies in the US and Europe using vulnerabilities in Ivanti products ppJonathan Greigppis a Breaking News Reporter at Recorded Future News Jonathan has worked across the globe as a journalist since 2014 Before moving back to New York City he worked for news outlets in South Africa Jordan and Cambodia He previously covered cybersecurity at ZDNet and TechRepublicppPrivacyppAboutppContact Uspp Copyright 2024 The Record from Recorded Future Newsp

Read the original article 2 Dec 2024

Key Capabilities

Latest privacy news tracking

Latest Threat Intelligence

Breach modelling and ROI calculator

Multiple attacks force CISA to order agencies to upgrade or remove endoflife Ivanti appliance The Record from Recorded Future News