Blogs

On 22 January, Ivanti published an advisory stating that they discovered two new, high-severity vulnerabilities (CVE-2024-21888 and CVE-2024-21893) after researching previously reported vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways. Ivanti provides enterprise solutions, including patch management and IT security solutions to over 40,000 customers worldwide. While there is no evidence of…

“Who cares that the intern was phished during our phishing campaign? It’s an intern, they don't have access to anything important."

On 24 January 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability that affects the Jenkins CI/CD tool. Jenkins is a Java-based open-source automation server run by over 1 million users that helps developers build, test and deploy applications, enabling continuous integration and continuous delivery. The critical vulnerability is tracked as CVE-2024-23897…

On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability.

On 16 January, Atlassian released a security advisory concerning CVE-2023-22527 that affects vulnerable out-of-date versions of Confluence Data Center and Server.

Two recent Ivanti CVEs are being actively exploited by suspected nation-state threat actors.

Amidst the hustle and bustle of holiday preparations and last-minute shopping, cybercriminals often take advantage of the increased online activity and spending complacency of individuals and businesses...

Over the last week, the widely reported critical security flaw in the Progress MOVEit Transfer application (CVE-2023-34362) reminded us yet again to remain vigilant in securing our IT infrastructure from potential cyber threat actors.

Gartner® recently published a report called, Emerging Tech: Grow Your Security Service Revenue with Cybersecurity Validations. We believe the report provides research from a buyer’s perspective on security services they purchase while offering guidance to MSPs and MSSPs on how to improve retention and upsell rates of the critical services they provide. So, what has…

In early 2023, CISA launched their Ransomware Vulnerability Awareness Pilot (RVWP). It’s designed to warn critical infrastructure (CI) entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors. The plan is to identify affected systems that may be prevalent in CI networks, then notify operators about potential risk of exploitation.…