Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again
It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication controls, one expert says.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication controls, one expert says.
Microsoft Issuing Emergency Patches to Combat Authentication-Bypassing AttacksHackers have been exploiting a zero-day vulnerability dubbed "ToolShell" in on-premises installations of Microsoft SharePoint to gain remote access, and steal cryptographic keys and data. As Microsoft rolls out patches, experts warn administrators to also rotate keys, to help eject attackers.
Surge in Attack Attempts Spotted After Palo Alto Networks Details and Patches FlawAttackers have stepped up efforts to exploit a vulnerability in the software that runs Palo Alto Networks firewall appliances that could give them direct access to the underlying software. Unauthenticated hackers could use PHP scripts to bypass the PAN-OS management web interface.
No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.