all InfoSec news
Ivanti warns of new Connect Secure zero-day exploited in attacks
Jan. 31, 2024, 2 p.m. | /u/outerlimtz
cybersecurity www.reddit.com
The zero-day flaw (CVE-2024-21893) is a server-side request forgery vulnerability in the gateways' SAML component that enables attackers to bypass authentication and access restricted resources on vulnerable devices.
A second flaw (CVE-2024-21888) in the gateways' web component allows threat actors to escalate privileges to those of an administrator.
"As part of our ongoing investigation into …
access attackers attacks authentication bug bypass connect cve cve-2024-21893 cybersecurity exploitation exploited flaw forgery gateways ivanti policy request resources restricted saml server server-side request forgery today under vulnerabilities vulnerability zero-day zero-day bug zero-day flaw zta
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Principal Security Analyst - Threat Labs (Position located in India) (Remote)
@ KnowBe4, Inc. | Kochi, India
Cyber Security - Cloud Security and Security Architecture - Manager - Multiple Positions - 1500860
@ EY | Dallas, TX, US, 75219
Enterprise Security Architect (Intermediate)
@ Federal Reserve System | Remote - Virginia
Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Associate -- Dallas
@ Goldman Sachs | Dallas, Texas, United States
Vulnerability Management Team Lead - North Central region (Remote)
@ GuidePoint Security LLC | Remote in the United States