#kev ilove
T-1 for our product webinar 5.10 "Introducing Anchore Data Service". The latest Anchore updates are designed to help your team focus on what matters most. Learn how the CISA #KEV feed prioritizes critical vulnerabilities and how Syft integration enhances #SBOM generation. Register today https://get.anchore.com/introducing-the-anchore-data-service/
🎯 Cut through the noise with #AnchoreEnterprise 5.8's #KEV enrichment. Focus on actively exploited vulnerabilities and allocate resources effectively. ➡️ https://anchore.com/blog/anchore-enterprise-5-8-adds-kev-enrichment-feed/ #VulnerabilityScanning
🚀 #AnchoreEnterprise 5.8 is here! Now with @CISA #KEV integration for real-time insights on actively exploited vulnerabilities. Enhance your #DevSecOps pipeline today! ➡️ https://anchore.com/blog/anchore-enterprise-5-8-adds-kev-enrichment-feed/ #VulnerabilityScanning
Hot off the press! Mandiant published another Ivanti Connect Secure VPN exploitation blog post outlining additional TTPs and observations for UNC5325, a suspected Chinese cyber espionage operator.
🔗 https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence
cc: @campuscodi @iagox86 @brett
#cyberespionage #IOC #TTPs #UNC5325 #China #Ivanti #ConnectSecure #vulnerability #zeroday #eitw #activeexploitation #UTA0178 #UNC5221 #CVE_2023_46805 #CVE_2024_21887 #KEV #KnownExploitedVulnerabilitiesCatalog #CISA #CVE_2024_21888 #UNC5325
Just your periodic update from Ivanti regarding their CVE-2023-46805 (8.2 high) and CVE-2024-21887 (9.1 critical) zero-days (both disclosed 10 January 2024 as exploited in the wild, have Proofs of Concept, mass exploitation):
"Update 26 January: The targeted release of patches for supported versions is delayed, this delay impacts all subsequent planned patch releases. We are now targeting next week to release a patch for Ivanti Connect Secure (versions 9.1R17x, 9.1R18x, 22.4R2x and 22.5R1.1), Ivanti Policy Secure (versions 9.1R17x, 9.1R18x and 22.5R1x) and ZTA version 22.6R1x.
Patches for supported versions will still be released on a staggered schedule. Instructions on how to upgrade to a supported version will also be provided.
The timing of patch release is subject to change as we prioritize the security and quality of each release. Please ensure you are following this article to receive updates as they become available."
🔗 https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
#Ivanti #ConnectSecure #vulnerability #zeroday #eitw #activeexploitation #UTA0178 #UNC5221 #CVE_2023_46805 #CVE_2024_21887 #KEV #KnownExploitedVulnerabilitiesCatalog #CISA
CISA adds four Qualcomm vulnerabilities to the Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:
CVE-2023-33106 (8.4 high severity) Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability
CVE-2023-33063 (7.8 high) Qualcomm Multiple Chipsets Use-After-Free Vulnerability
CVE-2023-33107 (8.4 high) Qualcomm Multiple Chipsets Integer Overflow Vulnerability
CVE-2022-22071 (7.8 high) Qualcomm Multiple Chipsets Use-After-Free Vulnerability
These were originally identified under "limited targeted exploitation" by Google TAG and Project Zero in Qualcomm's October 2023 Security Bulletin.
#CISA #KnownExploitedVulnerabilitiesCatalog #KEV #eitw #activeexploitation #CVE202333106 #CVE202333107 #CVE202333063 #CVE202222071 #Qualcomm
Hey, my first blog post at my new job.