Mobile devices have radically changed the way we work and collaborate. But along with the exponential growth in the use of smartphones and mobile apps has come a surge in vulnerabilities and exploits.  The power of mobile communication allows work to be done anywhere, anytime, by employees who are accessing ever-higher volumes of data to do their jobs. Mobile apps have become so ubiquitous and powerful that developers are making them more and more sophisticated to deliver higher-value services, experiences and data.   Not surprisingly, this has created an escalating vulnerabilit ..read more

Leading up May’s Patch Tuesday, we have a pair of zero-day vulnerabilities in Google Chrome and Microsoft Edge as well as a zero-day in macOS. Microsoft has also included a pair of zero-day vulnerabilities in their update, adding to a total of 61 CVEs resolved. Mozilla and Adobe are adding the lineup of third-party updates releasing today. Microsoft Patch Tuesday Updates Microsoft resolved an Elevation of Privilege vulnerability in Windows DWM Core Library (CVE-2024-30051) which has been confirmed to be exploited. An attacker who exploits this vulnerability could gain SYSTEM privileges on the ..read more

The exciting benefits of digital transformation and automation — global interconnectedness, efficient operations, greater business outcomes — have come with an equal measure of concern over digital safety. It has become clear that to safely realize the benefits of digital acceleration, as an industry we must take bold steps toward securing the digital landscape and mitigating cybersecurity threats.  At Ivanti this evolution is already under way — and we are committed to being at the very front of the movement. As a company, we have always believed that our customers’ interests – including ..read more

It is April already! For the fourth Patch Tuesday of 2024 there is more to consider than just what is being released on Patch Tuesday. There are a number of vendors who have released security updates leading up to Patch Tuesday, and more to come in the following weeks. Recent Security Updates Ivanti released security updates for Ivanti Connect Secure and Policy Secure on April 4. The updates resolve four CVEs. For more information on updates, see the blog update and security advisory.   Apple has released a number of security updates for visionOS, iOS, iPadOS, macOS and Safari betwe ..read more

It’s like a faded Polaroid from a bygone era: The day when a computer with centralized software was safely locked away in an office. That’s because it is a bygone era for most organizations – wistfully recalled but wildly out of touch with the present. Consider just how many devices, assets and people interact with a company’s IT infrastructure today: Devices (desktops, laptops, mobile and IoT devices – corporate-owned and personal). Software and applications (increasingly cloud-based and largely outside an organization’s control). Digital assets and documents. APIs and integrations. In-hous ..read more

To Ivanti’s Valued Customers and Partners,  Our organization strives to produce the most secure solutions for Everywhere Work. Events in recent months have been humbling, and I want you to hear directly from me about the actions we are taking to ensure we emerge stronger, and our customers are more secure.  We and many others in our industry have witnessed, firsthand, the increasing complexity of the threat landscape and the specific evolution of threat-actor tactics. This activity has brought one of our products to the forefront of conversation regarding recently reported security ..read more

Microsoft Resolves 60 New CVEs Microsoft has released its lineup of updates for March 12, 2024, including updates for the Windows OS, Exchange Server, SQL Server, Office 365, Sharepoint and Defender. The release resolves 60 new CVEs and includes revisions for two previously released CVEs. There is also an advisory announcing the deprecation of Oracle Outside In for Exchange Server.   Between the Patch Tuesdays This month is pretty quiet compared to the weeks following February Patch Tuesday. Post-patch Tuesday, two vulnerabilities that were resolved in the February update were found ..read more

At Ivanti, we support the mission of our Federal and DoD customers and join with our warfighters in defending against cybersecurity threats and nation-state sponsored cyber-attacks. Ivanti offers FedRAMP certified solutions for IT Service Management and Unified Endpoint Management, and is also a leader in on-premise, disconnected and air-gapped network solutions. The Ivanti Enterprise Mobility Management solution (originally MobileIron MDM) was one of the first to be certified under the NIAP/Common Criteria Mobile Device Management Protection Profile Version 1 (NIAP MDMPP v1), has been continu ..read more

We want to thank our customers for their support and patience over the last few weeks as we navigate the recent issues affecting Ivanti Connect Secure, Policy Secure and ZTA gateways. We know that this has been a challenging time for our customers, and our team has been working around the clock, alongside world-class security experts, to bring this issue to full resolution. We will not stop until we are confident our products and our customers are protected and these vulnerabilities have been fully resolved. As of 14 February, Ivanti has a build available for all supported versions. From day o ..read more

Microsoft Resolves 73 Unique CVEs on Patch Tuesday This Patch Tuesday, Microsoft has resolved 73 new unique CVEs, two of which are confirmed to be exploited, five of which are rated as critical. In addition, seven CVEs have been reissued, one of which dates back to 2021 and was publicly disclosed and exploited on original release. The reissue is information only, but worth giving a second look to be sure you are covered. Microsoft updates this month impact the Windows OS, Office 365, Edge, Windows Defender, Sharepoint, SQL Server, Exchange Server, .Net (reissued), multiple Azure components and ..read more