Ivanti's Perfect-10 Bug 💥 & ServiceNow's Tenant Leak 🩹
Two stories dominate today's security news, and both are reminders that even the tools businesses trust to keep them secure can become the weak link. Here's what happened and why it matters.
A "Perfect 10" Bug Just Hit Ivanti's Gateways
Ivanti is urging customers to patch its Sentry product immediately after researchers found two critical flaws, one of them rated at the maximum severity score of 10.0 out of 10. The bugs let an attacker with no login credentials break into a vulnerable gateway and gain full root access, or create their own admin account from scratch. One flaw works by abusing an exposed management API to sneak in commands that run with the highest level of system privilege. If your organization uses Ivanti Sentry to manage mobile devices or secure remote access, this is the kind of bug that gets exploited within days of going public. Ivanti has released fixes (versions 10.5.2, 10.6.2, and 10.7.1), and patching now should be at the top of any IT team's list.
ServiceNow Bug Let Outsiders Peek Into Customer Data
ServiceNow, the platform millions of companies rely on for IT and HR workflows, confirmed that a misconfigured setting allowed unauthenticated users to query data from some customer accounts. Attackers took advantage of this starting around June 2nd, running searches against a subset of tenant databases before the issue was caught and fixed. ServiceNow says it traced the problem back to reports submitted through its bug bounty program and has directly notified the customers affected. The takeaway for any business: even massive, well-resourced platforms can have configuration slip-ups that expose your data, which is why monitoring vendor security notices and reviewing your own access logs matters just as much as locking down your own systems.
Stay ahead of threats with GOCO Security at gocosecurity.com.