tldrdaily.news logo
Tag

Patch Management

All articles tagged with #patch management

Feds told to patch BeyondTrust flaw within 3 days after active exploitation
technology16 days ago

Feds told to patch BeyondTrust flaw within 3 days after active exploitation

CISA ordered Federal civilian agencies to patch BeyondTrust Remote Support and Privileged Remote Access within three days after CVE-2026-1731, a remote code execution flaw that’s been actively exploited. SaaS instances were patched by BeyondTrust on Feb 2, 2026, but on-premise deployments require manual updates. Exploitation can allow unauthenticated remote code execution, risking system compromise, data exfiltration, and service disruption. Threat intel reports active exploitation and about 11,000 exposed instances (roughly 8,500 on‑premises). The agency added the CVE to its Known Exploited Vulnerabilities catalog and urged mitigations or discontinuation per vendor guidance under BOD 22-01.

via BleepingComputer|
#beyondtrust#cybersecurity#government
CISA orders urgent patch for actively exploited SCCM flaw
security19 days ago

CISA orders urgent patch for actively exploited SCCM flaw

CISA directed federal agencies to patch CVE-2024-43468, a SQL injection flaw in Microsoft Configuration Manager (SCCM) that is now being actively exploited in attacks. The vulnerability was patched by Microsoft in October 2024, but exploitation was later shown in PoC code, and CISA warns that unpatched systems pose significant risk. Agencies must apply mitigations by March 5 under BOD 22-01, and CISA recommends that organizations outside federal use vendor guidance to secure affected systems as soon as possible.

via BleepingComputer|
#cisa#cve-2024-43468#cybersecurity
Critical pre-auth RCE in BeyondTrust remote-support tools prompts urgent patch
technology23 days ago

Critical pre-auth RCE in BeyondTrust remote-support tools prompts urgent patch

BeyondTrust warns of CVE-2026-1731, a pre-auth remote code execution flaw in Remote Support (RS) 25.3.1 and Privileged Remote Access (PRA) 24.3.4 and earlier, allowing unauthenticated attackers to run OS commands; patches are available by upgrading to RS 25.3.2+ and PRA 25.1.1+ (or enabling automatic updates). Cloud systems have been secured; about 11,000 instances are exposed online, with roughly 8,500 on-premises potentially vulnerable if not patched; no active exploitation is reported yet.

via BleepingComputer|
#enterprise-security#patch-management#remote-code-execution
Ivanti EPMM hit by two critical zero-days, with patches and risk guidance issued
security1 month ago

Ivanti EPMM hit by two critical zero-days, with patches and risk guidance issued

Ivanti disclosed two critical RCE zero-day flaws in Endpoint Manager Mobile (CVE-2026-1281 and CVE-2026-1340) exploited in the wild at a limited number of customers. Both flaws score 9.8 and can run arbitrary code remotely without authentication. Ivanti released RPM-based mitigations for affected EPMM versions, noting no downtime is required but hotfixes must be reapplied after any version upgrade; a permanent fix arrives with EPMM 12.8.0.0 in Q1 2026. Exploitation can reveal administrator and user data, device details, and location (if enabled), and attackers could alter configurations via the API or web console. Defenders can detect activity via a specific Apache access-log regex, though logs can be altered by attackers. Recovery guidance includes restoring from a known-good backup or rebuilding, resetting local and service accounts' passwords, rotating certificates, and reviewing Sentry logs. CISA has added CVE-2026-1281 to KEV; federal agencies must patch or decommission affected systems by Feb 1, 2026.

via BleepingComputer|
#epmm#ivanti#patch-management
Over 46,000 Grafana Instances Vulnerable to Account Takeover
technology8 months ago

Over 46,000 Grafana Instances Vulnerable to Account Takeover

Over 46,000 Grafana instances remain unpatched despite a critical vulnerability (CVE-2025-4123) that allows attackers to execute malicious plugins and hijack accounts through a client-side open redirect flaw. The vulnerability, discovered by Alvaro Balada and addressed in May, affects multiple versions, but many remain vulnerable, posing a significant security risk. Upgrading to the latest secure versions is recommended to mitigate potential exploits.

via BleepingComputer|
#account-takeover#cve-2025-4123#grafana
"Cisco Patches Critical Vulnerability in Unity Connection Software"
cybersecurity2 years ago

"Cisco Patches Critical Vulnerability in Unity Connection Software"

Cisco has released software updates to fix a critical vulnerability (CVE-2024-20272) in its Unity Connection software that could allow attackers to execute arbitrary commands on the system. The flaw, discovered by security researcher Maxim Suslov, affects versions 12.5 and earlier, as well as version 14. Users are advised to update to the fixed versions to mitigate potential threats. Additionally, Cisco has addressed 11 medium-severity vulnerabilities in its software, but will not release a fix for a command injection bug in WAP371 due to end-of-life status, recommending customers to migrate to the Cisco Business 240AC Access Point.

via The Hacker News|
#cisco#cve-2024-20272#cybersecurity
"CISA Identifies High-Severity Exploited Vulnerabilities in Apple, Apache, Adobe, D-Link, Joomla, and Apache Superset"
cybersecurity2 years ago

"CISA Identifies High-Severity Exploited Vulnerabilities in Apple, Apache, Adobe, D-Link, Joomla, and Apache Superset"

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified six known exploited vulnerabilities, including high-severity flaws affecting Apple, Apache, Adobe, D-Link, and Joomla, with evidence of active exploitation. These vulnerabilities pose risks such as remote code execution and improper access control. CISA has urged federal agencies to apply patches to secure their networks against these active threats by January 29, 2024.

via The Hacker News|
#cisa#cybersecurity#exploitation