PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager

A new month, a new high-risk Ivanti bug for attackers to exploit — this time, an SQL injection issue in its centralized endpoint manager. [TechWeb]( Follow Dark Reading: [RSS]( June 14, 2024 LATEST SECURITY NEWS & COMMENTARY [PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager]( A new month, a new high-risk Ivanti bug for attackers to exploit — this time, an SQL injection issue in its centralized endpoint manager. [Microsoft, Late to the Game on Dangerous DNSSEC Zero-Day Flaw]( Why the company took so long to address the issue is not known given that most other stakeholders had a fix out for the issue months ago. [North Korea's Moonstone Sleet Widens Distribution of Malicious Code]( The recently identified threat actor uses public registries for distribution and has expanded capabilities to disrupt the software supply chain. [How Cybercrime Empires Are Built]( Strong partnerships and collaborations between industry and law enforcement are the most critical ways to take down cybercrime groups before they grow. [Marsh Insurance: Volume of Cyber-Insurance Claims Reaches New Heights]( More claims are being made across the US and Canada compared with previous years, with healthcare organizations leading the way. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Why CIO & CISO Collaboration Is Key to Organizational Resilience]( Alignment between these domains is quickly becoming a strategic imperative. [RansomHub Brings Scattered Spider Into Its RaaS Nest]( The threat group behind breaches at Caesars and MGM moves its business over to a different ransomware-as-a-service operation. [The CEO Is Next]( If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity. [LockBit & Conti Ransomware Hacker Busted in Ukraine]( Accused cybercriminal has special skills that helped Conti and LockBit ransomware evade detection, according to law enforcement. [MORE]( PRODUCTS & RELEASES [NetSPI Acquires Hubble, Adds CAASM to Complement its IEASM]( [Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility]( [KnowBe4 Launches Risk & Insurance Partner Program]( [DNSFilter Welcomes Cisco Veteran TK Keanini As CTO]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [TellYouThePass Ransomware Group Exploits Critical PHP Flaw]( An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface. LATEST FROM THE EDGE [4 Ways to Help a Security Culture Thrive]( Creating and nurturing a corporate environment of proactive cybersecurity means putting people first — their needs, weaknesses, and skills. LATEST FROM DR TECHNOLOGY [Nvidia Patches High-Severity Flaws in GPU Drivers]( Nvidia's latest GPUs are a hot commodity for AI, but security vulnerabilities could expose them to attacks from hackers. LATEST FROM DR GLOBAL [AI Chatbot Fools Scammers & Scores Money-Laundering Intel]( Experiment demonstrates how AI can turn the tables on cybercriminals, capturing bank account details of how scammers move stolen funds around the world. WEBINARS - [Intruders in the Library: Exploring DLL Hijacking Using Cortex XDR Analytics]( - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Google Threat Intelligence]( - [A Year in Review of Zero-Days Exploited In-the-Wild in 2023]( - [SecOps Checklist]( - [Shining a light in the dark: observability and security, a SANS profile]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( [View More White Papers >>]( FEATURED REPORTS - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [2023 Global Threat Report]( - [Zero-Trust Adoption Driven by Data Protection]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124056&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_06.14.24&sp_cid=53951&utm_content=DR_NL_Dark%20Reading%20Daily_06.14.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#8b If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)