Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed

So far this year, Ivanti has disclosed a total of 11 flaws — many of them critical — in its remote access products. [TechWeb]( Follow Dark Reading: [RSS]( April 05, 2024 LATEST SECURITY NEWS & COMMENTARY [Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed]( So far this year, Ivanti has disclosed a total of 11 flaws — many of them critical — in its remote access products. [Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection]( A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations. [Malicious Latrodectus Downloader Picks Up Where QBot Left Off]( Initial access brokers are using the new downloader malware, which emerged just after QBot's 2023 disruption. [SEXi Ransomware Desires VMware Hypervisors in Ongoing Campaign]( A Babuk variant has been involved in at least four attacks on VMware EXSi servers in the last six weeks, in one case demanding $140 million from a Chilean data center company. [How CISOs Can Make Cybersecurity a Long-Term Priority for Boards]( Cybersecurity is far more than a check-the-box exercise. To create companywide buy-in, CISOs need to secure board support, up their communication game, and offer awareness-training programs to fight social engineering and help employees apply what they've learned. [Cyberattack Shutters Some Operations at Japanese Lens Manufacturer]( Tokyo-based eyeglass and medical lens-maker Hoya said the attack has halted production processes in some locations as well as an ordering system for some of its products. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How Soccer's 2022 World Cup in Qatar Was Nearly Hacked]( A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says. [The Biggest Mistake Security Teams Make When Buying Tools]( Security teams often confuse tool purchasing with program management. They should focus on what a security program means to them, and what they are trying to accomplish. [LockBit Ransomware Takedown Strikes Deep Into Brand's Viability]( Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention. [Why Cybersecurity Is a Whole-of-Society Issue]( Working together and integrating cybersecurity as part of our corporate and individual thinking can make life harder for hackers and safer for ourselves. [MORE]( PRODUCTS & RELEASES [Action1 Unveils 'School Defense' Program To Help Small Educational Institutions Thwart Cyberattacks]( [More Than Half of Organizations Plan to Adopt AI Solutions in Coming Year, Reports Cloud Security Alliance and Google Cloud]( [CyberRatings.org Announces Test Results for Cloud Network Firewall]( [TruCentive Enhances Privacy With HIPAA Compliant Personal Information De-identification]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Feds to Microsoft: Clean Up Your Cloud Security Act Now]( A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year's Microsoft 365 breach that allowed China's Storm-0558 to hack the email accounts of key government officials. LATEST FROM THE EDGE [AI's Dual Role in SMB Brand Spoofing]( Cybercriminals are using AI to impersonate small businesses. Security architects are using it to help small businesses fight back. LATEST FROM DR TECHNOLOGY [How to Tame SQL Injection]( As part of its Secure by Design initiative, CISA urged companies to redouble efforts to quash SQL injection vulnerabilities. Here's how. LATEST FROM DR GLOBAL [Thousands of Australian Businesses Targeted With 'Reliable' Agent Tesla RAT]( Latest campaign underscores wide-ranging functionality and staying power of a decade-old piece of information-stealing malware. WEBINARS - [Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise]( - [Securing Code in the Age of AI]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Enterprises Secure Their Applications]( - [Making Sense of Your Security Data: The 6 Hardest Problems]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [A Solution Guide to Operational Technology Cybersecurity]( - [Causes and Consequences of IT and OT Convergence]( - [Secure Access for Operational Technology at Scale]( - [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122611&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_04.05.24&sp_cid=52883&utm_content=DR_NL_Dark%20Reading%20Daily_04.05.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#df If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)