all InfoSec news
Ivanti warns of new Connect Secure zero-day exploited in attacks
Jan. 31, 2024, 2 p.m. | /u/outerlimtz
cybersecurity www.reddit.com
The zero-day flaw (CVE-2024-21893) is a server-side request forgery vulnerability in the gateways' SAML component that enables attackers to bypass authentication and access restricted resources on vulnerable devices.
A second flaw (CVE-2024-21888) in the gateways' web component allows threat actors to escalate privileges to those of an administrator.
"As part of our ongoing investigation into …
access attackers attacks authentication bug bypass connect cve cve-2024-21893 cybersecurity exploitation exploited flaw forgery gateways ivanti policy request resources restricted saml server server-side request forgery today under vulnerabilities vulnerability zero-day zero-day bug zero-day flaw zta
More from www.reddit.com / cybersecurity
How does hiring in APT groups work?
15 hours ago |
www.reddit.com
State of WiFi Security in 2024
16 hours ago |
www.reddit.com
Prioritize Blue Team for Cybersecurity Success
18 hours ago |
www.reddit.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Security Compliance Strategist
@ Grab | Petaling Jaya, Malaysia
Cloud Security Architect, Lead
@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)