Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet

Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor. [TechWeb]( Follow Dark Reading: [RSS]( January 17, 2024 LATEST SECURITY NEWS & COMMENTARY [Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet]( Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor. [Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE]( Rated at a CVSS score of 10, the bug is as bad as it gets, allowing remote cyberattackers unfettered access to corporate environments. [Bosch Smart Thermostat Feels the Heat From Firmware Bug]( The vulnerability in a popular hospitality industry gadget allows attackers to take over the device, pivot into the user's network, or brick the device entirely, rendering HVAC unusable. [178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks]( Two flaws discovered a year apart are ostensibly the same with slightly different exploit paths, exposing corporate networks to risk and potential intrusion. [UAE Cyber Security Council, Khalifa University Launch Abu Dhabi Academy]( The university will also join the Emirates' National Cybersecurity Center of Excellence. [Anti-Ransomware Coalition Bound to Fail Without Key Adjustments]( International pledge to reject ransomware demands misses the most important way to combat cybercrime: prevention. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [CISA Adds 9.8 'Critical' Microsoft SharePoint Bug to its KEV Catalog]( It's a tale as old as time: an old, long-since patched vulnerability that remains actively exploited. [GitLab Releases Updates to Address Critical Vulnerabilities]( Two vulnerabilities are critical, and three others are determined to be of high, medium, and low severity. [Your Cybersecurity Budget Is a Horse's Rear End]( Are historical budget constraints limiting your cybersecurity program? Don't let old saws hold you back. It's time to revisit your budget with revolutionary future needs front of mind. [Name That Toon: Cast Adrift]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE]( PRODUCTS & RELEASES [Savvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS Risk]( [Accenture and SandboxAQ Collaborate to Help Organizations Protect Data]( [Former Secretary of State Mike Pompeo Joins Cyabra Board of Directors]( [The Future of IT: Info-Tech LIVE 2024 Conference Announced for September]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [SEC X Account Hack Draws Senate Outrage]( Senators from both parties called the Securities and Exchange Commission's lack of MFA "inexcusable" and demand investigation into the regulator's cybersecurity lapse. LATEST FROM THE EDGE [Snyk Acquires Helios for Runtime Visibility]( Developer-security company Snyk acquired Helois, a startup specializing in capturing security-relevant data from live applications. LATEST FROM DR TECHNOLOGY [Effective Incident Response Relies on Internal and External Partnerships]( Dark Reading Research finds increased collaboration between security incident responders and groups within the HR, legal, and communications functions. LATEST FROM DR GLOBAL [Africa, Middle East Lead Peers in Cybersecurity, but Lag Globally]( Both regions score above average compared to similar sized economies, but investing in updated technologies and patching processes would help cyber resilience globally. WEBINARS - [DevSecOps: The Smart Way to Shift Left]( - [What's In Your Cloud?]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses]( - [Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software]( - [IT Zero Trust vs. OT Zero Trust: It's all about Availability]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [Understanding AI Models to Future-Proof Your AppSec Program]( - [The Need for a Software Bill of Materials]( - [The Developers Guide to API Security]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [The State of Supply Chain Threats]( - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=120504&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_01.17.24&sp_cid=51441&utm_content=DR_NL_Dark%20Reading%20Daily_01.17.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#da If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)