Tag: U.S. Cybersecurity Agency

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability
News

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

A serious issue that has been fixed and affects Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core was added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its list of known exploited vulnerabilities (KEV) on Thursday. The agency stated that the flaw is being actively exploited in the field. Concerning CVE-2023-35082 (CVSS score: 9.8), this vulnerability is an authentication bypass that is a workaround for another vulnerability in the same solution that is being tracked as CVE-2023-35078 (CVSS score: 10.0). "If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users' personally identifiable information and make limited changes to the server read more U.S. Cybersecurity Agency Warns of Actively E...
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
News

U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

Six new vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) database by the U.S. Cybersecurity and Infrastructure Security Agency due to active exploitation. These include the three weaknesses that Apple fixed this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), the two VMware faults (CVE-2023-20867 and CVE-2023-20887), and the one flaw affecting Zyxel devices (CVE-2023-27992). According to reports, the zero-day vulnerabilities CVE-2023-32434 and CVE-2023-32435, both of which permit code execution, were used to distribute spyware as part of a multi-year cyber espionage campaign that started in 2019 read more US Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog. Stay one step ahead of cyber threats with ReconBee.com. E...