Insights

Service improves operational efficiencies and costs caused by siloed and redundant cloud security tools

Integrity360 enables organisations to fully optimise their AI investment with launch of Managed dSOC Services underpinned by Darktrace’s ActiveAI Security Platform

Severity: Critical
CVSSv3 Score: 9.8 
Date: Oct 23, 2024

Overview: Ivanti has released updates for Ivanti CSA (Cloud Services Application) which addresses a medium severity and two high severity vulnerabilities. Exploiting these vulnerabilities effectively enables remote attackers to execute SQL statements through SQL injection, run arbitrary code via command injection, and bypass security restrictions by taking advantage of a path traversal weakness in vulnerable CSA gateways, which provide secure access to internal network resources for enterprise users.

In today's digital-first world, cloud security is more critical than ever. Microsoft Defender for Cloud Apps (MDCA) offers a comprehensive and intelligent solution for securing cloud environments. At Integrity360, we help organisations harness its full potential. From tailored implementation and integration to ongoing monitoring, compliance management, and optimisation, our managed services ensure your cloud infrastructure is secure, compliant, and resilient against threats.

Fortinet –  CVE-2024-23113 (CVSS score: 9.8)

This vulnerability was initially published on 08 February 2024.

Overview: A newly reported vulnerability in the Common Unix Printing System (CUPS) poses a significant security threat to UNIX-based systems, including Linux and macOS. Security researcher Simone Margaritelli has published the first of a series of blog posts detailing the issue, which can be exploited by sending a specially crafted HTTP request to the CUPS service. This vulnerability allows remote attackers to gain access to affected systems and execute arbitrary code, potentially escalating privileges and compromising critical assets.

New service addresses the resource gap that can result from CTEM

London/Dublin/Cape Town – 28th August 2024 – As part of its global expansion plan Integrity360 has acquired Grove Group, a long standing cyber security and cloud services company headquartered in Cape Town, South Africa.  

 

In response to cyber security threats, the European Union has introduced the NIS2 Directive, a comprehensive update to the original Network and Information Systems (NIS) Directive. The new regulations are set to take effect by October 17th, 2024. 

Overview: A critical vulnerability, CVE-2024-38063, has been identified in the Windows TCP/IP stack, impacting nearly all versions of Windows, including servers and workstations. This vulnerability, which affects the implementation of IPv6, is particularly concerning due to its potential to grant an attacker SYSTEM-level privileges, the highest level of access on a Windows machine. 

The PCI Council has released valuable insights on Vulnerability Scans & ASV Guidance, particularly beneficial for SAQ A merchants.