While the security flaw — which could be abused to facilitate arbitrary code execution — also impacts Ivanti Policy Secure versions older than 22.7R1.2 and Ivanti Neurons for ZTA Gateways older than 22.7R2.3, such devices have not been subjected to attacks, according to Ivanti.
More files are being continuously added to the bucket, which has remained unprotected since its discovery in June, according to Cybernews researchers who disputed the purportedly end-to-end encrypted nature of the stored logs.
In a recent blog post, ESET highlighted the heightened security risks tied to the termination of updates for Windows 10 scheduled for October 2025 and noted that cybercriminals are likely to exploit vulnerabilities once support ends.
The issue impacted Nessus Agent versions 10.8.0 and 10.8.1 and rendered agents offline in regions including the Americas, Europe, and Asia. Tenable halted plugin updates to contain the problem and later released version 10.8.2 to address the shutdown issue.
Aside from failing to address cybersecurity vulnerabilities in its systems that could have prevented the sweeping data breach, T-Mobile also improperly informed impacted individuals regarding the extent of the incident, according to Washington State Attorney General Bob Ferguson.
The compromise commences with the delivery of a CLDAP referral response packet to disrupt the Local Security Authority Subsystem Service before the subsequent sending of a DCE/RPC request to the targeted machine and the eventual designation of the victim's machine as an LDAP client that requests for CLDAP from the attacker's machine.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
