![]() The following is a screenshot of this new feature: We then added the results of this scanning as a new product feature to filter by the newest vulnerability identified by CISA and Pulse Secure, CVE 2021-22893, within the product allowing users to quickly determine whether their own organization and/or their vendors may have vulnerable instances of this vulnerability arising from compromised versions of the Pulse Secure product. SecurityScorecard has used its proprietary technology to scan the internet for publicly available data to find instances of this zero-day. Zero-day attacks happen before anyone, often even the software developer itself, is even aware of the existence of the vulnerabilities, let alone devised a patch or other mitigation strategy. These vulnerabilities are known as zero-day vulnerabilities because they were exploited before a patch is available to mitigate them. These vulnerabilities are currently being exploited and have affected both government agencies and private companies. Pulse Secure, owned by Ivanti, also released an alert. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) issued a Cyber Activity Alert (AA21-110A) and an Emergency Directive (21-03) regarding vulnerabilities in Pulse Connect Secure products, which are popular virtual private network (VPN) remote access solutions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |