Ivanti Server-Side Request Forgery to Auth-Bypass

Overview Ivanti disclosed a couple more vulnerabilities — server-side request forgery (CVE-2024-21893) and a privilege escalation (CVE-2024-21888) vulnerability. This disclosure comes only a few weeks after confirming an exploit chain impacting Ivanti Connect Secure and […]

The SonicWall Partner Awards: Celebrating Partner Excellence in 2023

2023 was a pivotal year for SonicWall. We spent a good part of the year working on how to better support our partners, and the result was an enhanced SecureFirst Partner Program, better enablement, and […]

4 Ways MDR Can Offer MSPs Greater Possibilities, Profitability and Peace of Mind

It was repeated nightly on television for decades: “It’s 10 p.m. Do you know where your children are?” The goal was to get parents to double-check that their kids were back home for the evening […]

Jenkins CLI Data Leak Vulnerability

Overview The SonicWall Capture Labs threat research team became aware of the Jenkins CLI (command-line-interface) arbitrary file read vulnerability, assessed its impact and developed mitigation measures for the vulnerability. Jenkins is a Java-based automation tool […]

Blackwood APT Group Has a New DLL Loader

Overview This week, the SonicWall Capture Labs threat research team analyzed a sample tied to the Blackwood APT group. This is a DLL that, when loaded onto a victim’s computer, will escalate privileges and attempt […]

This post is also available in: Portuguese (Brazil) French German Japanese Korean Spanish Chinese (Simplified)