Ivanti researchers this week flagged two zero-day vulnerabilities discovered in its products — CVE-2023-46805 and CVE-2024-21887— that are already being actively exploited by threat actors. The vulnerabilities were found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways, and the vulnerabilities affect all supported versions (Version 9.x and 22.x). Volexity assisted in identifying and…

A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was released…

Ransomware attacks can be devastating for organizations, causing significant damage to operations and reputations. Therefore, it’s crucial to prepare for such an eventuality with a comprehensive ransomware response plan. However, it’s also essential to understand that ransomware readiness assessments aren’t a one-size-fits-all solution. Let’s explore why a tailored approach to ransomware readiness assessments is necessary…

Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion,” reads a statement sent by the company to its customers….

Identity and security are more important than ever in today’s “work from anywhere” world. As companies adapt to remote workforces and the use of personal devices, the need for secure authentication has become paramount. The solution uses a zero trust authentication paradigm that ensures confidence in user and device identity on a real-time, continuous basis….

Although only seeing tepid adoption to date, adaptive access and authentication is set to gain steam among businesses this year as organizations pursue zero-trust capabilities that grant and restrict access to data and systems based on context. In the latest sign of life in the evolving industry, startup company Oleria announced on March 21 that…

Although the decentralized identity market is still in its infancy, it has been gaining traction in recent years and has the potential to change existing identity, authentication, and access for the better. In 2022, the decentralized identity market was projected to reach $270 million. Through decentralization and blockchain technology, there are an increasing number of…

Businesses of all sizes and across all industries routinely rely on internal APIs to unite their line-of-business apps, and on external APIs to share data or services with vendors, customers, or partners. Because a single API may have access to multiple applications or services, compromising the API is an easy way to compromise a broad…

Nearly two dozen journalists and other staffers working for El Faro, a digital newspaper based in El Salvador, are suing NSO Group for unleashing Pegasus spyware — malware they say was used to steal their most sensitive information, putting their safety in danger. Along with ASO Group Technologies, its Israeli parent company, Q Cyber Technologies…

Zero trust is a concept that’s easy to grasp but incredibly difficult to implement. It touches almost every system, component, application, and resource within an enterprise, and requires a strategic framework and specific tools and technologies to achieve best practice results. As organizations move Microsoft environments towards zero trust, it’s vital to ensure that all…