Ivanti is warning customers that a critical vulnerability that impacts its VPN appliances and other products has already been exploited in the wild by a Chinese APT group. The flaw was originally flagged by Ivanti as a denial-of-service issue, but attackers figured out how to exploit it for remote code execution. The vulnerability, now tracked…
Category: Network Security, Vulnerabilities
Exploits, Global Security News, Network Security, Vulnerabilities
Surge in threat actors scanning Juniper, Cisco, and Palo Alto Networks devices
A surge in internet probes targeting devices from Juniper Networks, Cisco Systems, and Palo Alto Networks should put their admins on alert, say security experts. A threat actor is probing the internet using default credentials for a Juniper Networks router, prompting a cybersecurity expert to warn network admins to change the login combo from the…
Exploits, Global Security News, Network Security, Vulnerabilities
Attackers probing backdoor flaw in popular Cisco Smart Licensing Utility, warns SANS
Organizations running Cisco’s Smart Licensing Utility (CSLU) should update their software as soon as possible to fix two serious vulnerabilities, the SANS Technology Institute has urged. The CSLU is a tool used primarily in smaller, on-premises and air-gapped networks as a way to manage Cisco licenses without having to resort to the more complex cloud-based…
Exploits, Global Security News, Network Security, Vulnerabilities
SonicWall firewall hit with critical authentication bypass vulnerability
SonicWall is warning customers of a severe vulnerability in its SonicOS SSLVPN with high exploitability that remote attackers could use to bypass authentication. The bug is an improper authentication vulnerability in the SSL VPN authentication mechanism, according to emails sent to customers and published on SonicWall’s official subreddit. “We have identified a high (severity) firewall…