It’s like a faded Polaroid from a bygone era: The day when a computer with centralized software was safely locked away in an office. That’s because it is a bygone era for most organizations – wistfully recalled but wildly out of touch with the present. Consider just how many devices, assets and people interact with a company’s IT infrastructure today: Devices (desktops, laptops, mobile and IoT devices – corporate-owned and personal). Software and applications (increasingly cloud-based and largely outside an organization’s control). Digital assets and documents. APIs and integrations. In-hous ..read more

To Ivanti’s Valued Customers and Partners,  Our organization strives to produce the most secure solutions for Everywhere Work. Events in recent months have been humbling, and I want you to hear directly from me about the actions we are taking to ensure we emerge stronger, and our customers are more secure.  We and many others in our industry have witnessed, firsthand, the increasing complexity of the threat landscape and the specific evolution of threat-actor tactics. This activity has brought one of our products to the forefront of conversation regarding recently reported security ..read more

Microsoft Resolves 60 New CVEs Microsoft has released its lineup of updates for March 12, 2024, including updates for the Windows OS, Exchange Server, SQL Server, Office 365, Sharepoint and Defender. The release resolves 60 new CVEs and includes revisions for two previously released CVEs. There is also an advisory announcing the deprecation of Oracle Outside In for Exchange Server.   Between the Patch Tuesdays This month is pretty quiet compared to the weeks following February Patch Tuesday. Post-patch Tuesday, two vulnerabilities that were resolved in the February update were found ..read more

At Ivanti, we support the mission of our Federal and DoD customers and join with our warfighters in defending against cybersecurity threats and nation-state sponsored cyber-attacks. Ivanti offers FedRAMP certified solutions for IT Service Management and Unified Endpoint Management, and is also a leader in on-premise, disconnected and air-gapped network solutions. The Ivanti Enterprise Mobility Management solution (originally MobileIron MDM) was one of the first to be certified under the NIAP/Common Criteria Mobile Device Management Protection Profile Version 1 (NIAP MDMPP v1), has been continu ..read more

We want to thank our customers for their support and patience over the last few weeks as we navigate the recent issues affecting Ivanti Connect Secure, Policy Secure and ZTA gateways. We know that this has been a challenging time for our customers, and our team has been working around the clock, alongside world-class security experts, to bring this issue to full resolution. We will not stop until we are confident our products and our customers are protected and these vulnerabilities have been fully resolved. As of 14 February, Ivanti has a build available for all supported versions. From day o ..read more

Microsoft Resolves 73 Unique CVEs on Patch Tuesday This Patch Tuesday, Microsoft has resolved 73 new unique CVEs, two of which are confirmed to be exploited, five of which are rated as critical. In addition, seven CVEs have been reissued, one of which dates back to 2021 and was publicly disclosed and exploited on original release. The reissue is information only, but worth giving a second look to be sure you are covered. Microsoft updates this month impact the Windows OS, Office 365, Edge, Windows Defender, Sharepoint, SQL Server, Exchange Server, .Net (reissued), multiple Azure components and ..read more

Easing into 2024 with a light lineup from Microsoft and third-party updates from Google and Mozilla, and you can also expect a quarterly update from Oracle next week. Microsoft has resolved 49 new CVEs and seven CVEs from 2023 to expand the affected products to include additional updates. No public disclosures or exploited reports at this time, so business as usual. The two critical CVEs in the OS update this month are the highest risk. Get things evaluated and tested as part of your normal maintenance schedule. This month’s updates affect the Windows OS, Office 365 and SharePoint, .Net Framew ..read more

The December 12th, 2023 Patch Tuesday is one of the lightest we have seen in a while. In this update: Microsoft Apple Adobe Google Notable CVEs Patch Tuesday summary Microsoft Microsoft’s lineup is looking rather lean. No zero days! One publicly disclosed vulnerability, and 34 new unique CVEs resolved this month. There are four Critical CVEs newly resolved and three Critical CVEs that were updated with a new KB article to resolve a known issue. The updates affect the Windows OS, Office, Microsoft Edge and Windows Defender. Apple Apple released their latest round of updates resolving a total ..read more

When it comes to mobile device management versus modern device management, they may sound similar, but there’s a significant degree of difference between them. The explosive growth in these devices within enterprises makes it crucial for organizations to choose the right platform for overseeing them.   In this blog post, let’s examine:   What “mobile device management” and “modern device management” each mean. The differences and similarities between the two platforms. Why so many people confuse the two – it’s more than just the shared “MDM” acronym! What's mobile device ..read more

While remote work and hybrid work have always been a thing, they've recently become more popular, and that’s created new challenges for network security.  Some companies embrace remote work and/or hybrid work; some try to limit or reverse the trends. For some internal teams, remote work is easily achieved and often preferred. In other cases, in more hands-on and collaborative efforts, being physically onsite can be important.  The point is that there isn't a path to follow that leads to a one-size-fits-all solution for remote/hybrid work policies that protect network security. A ..read more