Ivanti Endpoint Manager Vulnerabilities Allow Attackers To Extract Sensitive Information

Ivanti addressed multiple severe vulnerabilities in its Endpoint Manager (EPM) software, potentially exposing organizations to significant data breaches.

The most alarming of these flaws are four critical path traversal vulnerabilities that could allow unauthorized access to sensitive information.

The vulnerabilities, identified as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, all carry a CVSS score of 9.8 out of 10, indicating their extreme severity.

Here are the specifics of each vulnerability:

| CVE Number | Description | CVSS Score |
| --- | --- | --- |
| CVE-2024-10811 | Absolute path traversal allowing remote attackers to leak sensitive information. | 9.8 (Critical) |
| CVE-2024-13161 | Absolute path traversal enabling unauthorized access to sensitive files. | 9.8 (Critical) |
| CVE-2024-13160 | Path traversal vulnerability allowing data leakage by unauthenticated users. | 9.8 (Critical) |
| CVE-2024-13159 | Path traversal flaw that can be exploited remotely to access confidential information. | 9.8 (Critical) |

These flaws affect Ivanti EPM 2024 prior to its January 2025 Security Update and Ivanti EPM 2022 SU6 prior to its January 2025 Security Update.

Each of these vulnerabilities is an absolute path traversal flaw, which allows a remote, unauthenticated attacker to leak sensitive information from affected systems.

The Common Weakness Enumeration (CWE) associated with these vulnerabilities is CWE-36, which refers to Absolute Path Traversal.
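To make the CWE-36 pattern concrete, here is an added illustration (not Ivanti's code, and unrelated to how EPM handles paths) of why an absolute path supplied by a caller defeats a naive base-directory join, alongside a hardened resolver that rejects absolute input, decodes URL-encoded components before checking, and verifies that the normalized result still lies inside the intended directory. The base directory and file names are constructed for the example.

```python
import os
from pathlib import Path
from urllib.parse import unquote

# Constructed base directory for the example; a real service would configure this.
BASE_DIR = Path("/srv/reports")


def vulnerable_resolve(user_path: str) -> str:
    """CWE-36 pattern: os.path.join discards every earlier component when a
    later one is absolute, so '/etc/passwd' replaces BASE_DIR entirely."""
    return os.path.join(str(BASE_DIR), user_path)


def safe_resolve(user_path: str):
    """Return the file inside BASE_DIR named by user_path, or None if the
    request is absolute, empty, or escapes the base after normalization."""
    # Requests often arrive URL-encoded; decode before any check so that
    # '..%2F' is judged as '../' rather than as a harmless literal.
    decoded = unquote(user_path)
    if not decoded:
        return None
    # Reject absolute input up front (both POSIX and Windows-style roots).
    if os.path.isabs(decoded) or decoded.startswith(("/", "\\")):
        return None
    base = BASE_DIR.resolve()
    candidate = (base / decoded).resolve()
    # Containment check after resolve() catches '..' sequences and symlinks.
    if candidate == base or not candidate.is_relative_to(base):
        return None
    return candidate
```

The containment check is the part that matters: a blocklist of `..` substrings alone misses encoded variants and symlinked directories, whereas comparing the fully resolved candidate against the resolved base handles both.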

Zach Hanley, a security researcher at Horizon3.ai, is credited with discovering and reporting these vulnerabilities.

While Ivanti states that they are not aware of any exploitation of these vulnerabilities in the wild, the potential for abuse remains high given their critical nature.

In addition to the EPM vulnerabilities, Ivanti has also patched several other products, including Avalanche and the Application Control Engine.

These updates address various high-severity bugs that could allow attackers to bypass authentication, leak sensitive information, and circumvent application-blocking functionality.

The discovery of these vulnerabilities highlights the ongoing challenges in securing enterprise management software.

Endpoint Manager, being a crucial tool for managing device endpoints within a network, presents an attractive target for cybercriminals.

A successful exploit could potentially give attackers access to a wealth of sensitive corporate data and control over managed devices.

Ivanti has urged all customers to apply the patches as soon as possible. The company has provided detailed instructions on how to download and apply the patches in their security advisory.

Organizations using Ivanti EPM are strongly advised to update their systems immediately to mitigate the risk of potential attacks.

The post Ivanti Endpoint Manager Vulnerabilities Allow Attackers To Extract Sensitive Information appeared first on Cyber Security News.

FTC Warns GoDaddy for Inadequate Security Practices in Website Hosting Services

The Federal Trade Commission (FTC) has taken significant action against GoDaddy, one of the world’s largest web hosting companies, for failing to implement adequate security measures to protect its customers’ data.

The FTC alleges that GoDaddy’s “unreasonable security practices” led to several major breaches between 2019 and 2022, exposing sensitive customer information and putting millions of businesses and consumers at risk.

According to the FTC, GoDaddy failed to adopt basic cybersecurity practices necessary to safeguard its hosting services. The company allegedly neglected critical measures such as:

  1. Conducting regular software updates and patch management.
  2. Implementing multi-factor authentication (MFA) for administrative access.
  3. Logging and monitoring security-related events.
  4. Segmenting its network to prevent lateral movement by attackers.
  5. Securing connections to sensitive systems, such as APIs.

The FTC also accused GoDaddy of misleading customers through marketing claims that it provided robust security.

Despite assurances of “24/7 network security” and adherence to international privacy frameworks like the EU-U.S. Privacy Shield, the FTC found these claims to be false or misleading.

Impact Of Security Failures

GoDaddy’s lapses in cybersecurity resulted in multiple breaches that compromised customer websites and data. Notable incidents include:

1. 2019-2020 Breach: Attackers exploited vulnerabilities in GoDaddy’s hosting environment, gaining unauthorized access for over six months. They replaced application files with malicious versions, compromising login credentials for approximately 28,000 customers and 199 employees.

2. 2021 WordPress Breach: Hackers accessed an insecure API, exposing sensitive data from 1.2 million customers, including email addresses, private encryption keys, and database credentials.

3. 2022 Recurrence: A threat actor exploited leftover vulnerabilities from earlier breaches, redirecting visitors of customer websites to malicious sites.

These incidents not only harmed businesses relying on GoDaddy’s services but also endangered consumers visiting affected websites. Victims faced risks such as identity theft, financial fraud, and exposure to malware.

FTC’s Actions And Settlement

In response to these failures, the FTC has mandated that GoDaddy overhaul its cybersecurity practices under a proposed settlement agreement. Key requirements include:

  1. Establishing a comprehensive information-security program.
  2. Implementing MFA across all administrative accounts.
  3. Conducting regular third-party assessments of its security measures.
  4. Ensuring secure connections for all API communications.

The settlement prohibits GoDaddy from making false claims about its security practices in the future. While the company did not admit wrongdoing or face monetary penalties, non-compliance with the order could result in fines of up to $51,744 per violation.

GoDaddy stated that it has already implemented many of the FTC’s recommended measures and remains committed to improving its cybersecurity defenses.

“We are focused on protecting our customers’ data and websites,” a company spokesperson said. “We continue to invest in technologies, tools, and expertise to enhance system and information security.”

The company emphasized that it expects minimal financial impact from complying with the settlement terms.

Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, highlighted the importance of this case: “Millions of small businesses rely on hosting providers like GoDaddy to secure their websites. The FTC is acting to ensure companies strengthen their security frameworks to protect consumers worldwide.”

This action underscores the FTC’s commitment to holding companies accountable for cybersecurity failures that put consumers at risk.

Similar enforcement actions have been taken against other major firms like Marriott International for comparable lapses in data protection.

The post FTC Warns GoDaddy for Inadequate Security Practices in Website Hosting Services appeared first on Cyber Security News.

Black Basta Rapid-Fire Attack Blasted 1,165 Emails at 22 Target Mailboxes in 90 Minutes

A recent cyberattack mimicking the notorious Black Basta ransomware group’s tactics targeted one of SlashNext’s clients, bombarding 22 user inboxes with 1,165 malicious emails in just 90 minutes.

This rapid-fire attack, aimed at large user bases while bypassing traditional security measures, showcases the evolving sophistication of modern phishing campaigns.

The attack began when the client’s Security Operations Center (SOC) detected a sudden surge of suspicious emails.

Upon investigation, the client found that their Secure Email Gateway (SEG) had indeed flagged an increase in malicious activity.

Turning to the SlashNext phishing-defense tool, part of their Integrated Cloud Email Security (ICES) offering, they quickly identified hundreds of suspicious messages targeting a small group of users.

Attack Tactics

The Black Basta-style attack employed several sophisticated techniques:

  1. Platform Impersonation: Attackers posed as popular platforms like WordPress and Shopify, using legitimate-looking domains to send fake account creation and subscription emails.
  2. Sneaky Domains: Messages originated from seemingly harmless domains like genomelink.io and mandrillapp.com, carefully chosen to evade simple filters.
  3. Character Obfuscation: Subject lines included unusual characters or minor variations to bypass basic keyword checks and confuse recipients.
  4. Varied Account Types: Emails referenced different user roles to increase the chances of catching someone’s attention.
  5. Psychological Triggers: Urgent phrases like “Your account has been created” were used to create a sense of panic and prompt hasty actions.

SlashNext’s AI-powered SEER technology played a crucial role in mitigating this threat. Unlike traditional filters, SEER analyzes email behavior in real time, allowing it to detect malicious content even when it is hidden behind unusual symbols or encoded text. The system identified several attack patterns, including:

  • URLs leading to fake login pages
  • Domain spoofing using subdomains
  • Encoded URLs launching harmful software when clicked

By focusing on behavior rather than appearance alone, SEER flagged and blocked each suspicious email in real time, protecting users from potential compromise.
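The tactics listed above (platform impersonation from unrelated sender domains, character obfuscation in subject lines, and a burst of messages at a handful of mailboxes) can each be turned into a simple behavioral signal. The following is an added example of that detection logic written for this article; it is not SlashNext's SEER code and makes no claim about how SEER works. It runs over a constructed, tab-separated mail log, flags any mailbox that receives more than a threshold of messages inside a 90-minute window, marks subjects containing non-ASCII characters, and marks messages that name a brand while arriving from a domain that is not that brand's. The sender domains and brand-to-domain map are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, recipient, sender, subject (tab-separated).
SAMPLE_LOG = """\
2025-01-15T09:00:01Z\talice@corp.example\tnoreply@genomelink.io\tYour account has been created
2025-01-15T09:00:09Z\talice@corp.example\tinfo@mandrillapp.com\tYour Shopify subscription is active
2025-01-15T09:00:14Z\talice@corp.example\tnoreply@genomelink.io\tYour WordPress acc\u00f8unt has been created
2025-01-15T09:00:21Z\talice@corp.example\tinfo@mandrillapp.com\tYour account has been created!
2025-01-15T09:00:30Z\tbob@corp.example\tnoreply@genomelink.io\tYour account has been created
2025-01-15T11:15:00Z\tcarol@corp.example\tpayroll@corp.example\tJanuary payslip available
"""

# Constructed brand-to-domain map; extend with the tenant's own trusted senders.
BRAND_DOMAINS = {"wordpress": ("wordpress.com",), "shopify": ("shopify.com",)}
BURST_WINDOW = timedelta(minutes=90)
BURST_THRESHOLD = 3  # constructed; tune to the mailbox's normal baseline


def parse_log(text):
    """Turn the tab-separated log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        ts, rcpt, sender, subject = line.split("\t", 3)
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "rcpt": rcpt, "sender": sender, "subject": subject,
        })
    return events


def subject_has_confusables(subject):
    """Non-ASCII characters in an otherwise English subject are a cheap
    signal of character obfuscation aimed at keyword filters."""
    return any(ord(c) > 127 for c in subject)


def impersonated_brand(sender, subject):
    """Return the brand named in the subject if the sender's domain is not
    one of that brand's own domains, else None."""
    domain = sender.rsplit("@", 1)[-1].lower()
    for brand, legit in BRAND_DOMAINS.items():
        if brand in subject.lower() and not domain.endswith(legit):
            return brand
    return None


def burst_recipients(events, window=BURST_WINDOW, threshold=BURST_THRESHOLD):
    """Sliding-window count per recipient; returns {recipient: peak count}
    for mailboxes that hit the threshold inside any single window."""
    by_rcpt = defaultdict(list)
    for e in events:
        by_rcpt[e["rcpt"]].append(e["ts"])
    flagged = {}
    for rcpt, stamps in by_rcpt.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[rcpt] = max(flagged.get(rcpt, 0), count)
    return flagged


def analyse(text):
    """Return (recipient, sender, reasons) for every event with a finding."""
    events = parse_log(text)
    bursts = burst_recipients(events)
    findings = []
    for e in events:
        reasons = []
        if e["rcpt"] in bursts:
            reasons.append("burst")
        if subject_has_confusables(e["subject"]):
            reasons.append("confusable-chars")
        brand = impersonated_brand(e["sender"], e["subject"])
        if brand:
            reasons.append(f"impersonates-{brand}")
        if reasons:
            findings.append((e["rcpt"], e["sender"], reasons))
    return findings


if __name__ == "__main__":
    for rcpt, sender, reasons in analyse(SAMPLE_LOG):
        print(f"{rcpt} <- {sender}: {', '.join(reasons)}")
```

The burst signal is deliberately per-mailbox rather than tenant-wide: a campaign that concentrates hundreds of messages on a few users, as described above, stands out against each user's baseline even when the tenant's overall volume looks ordinary.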

This attack highlights the ongoing evolution of phishing tactics, particularly those associated with ransomware groups like Black Basta.

SlashNext’s success in preventing this attack underscores the importance of AI-powered, behavior-based email security systems in today’s threat landscape.

As attacks become more sophisticated and rapid, traditional security measures may struggle to keep pace. By combining real-time analysis, AI-driven detection, and continuous innovation, solutions like SlashNext’s ICES platform offer businesses a robust defense against emerging email threats.

The post Black Basta Rapid-Fire Attack Blasted 1,165 Emails at 22 Target Mailboxes in 90 Minutes appeared first on Cyber Security News.
