Ethical Hacking News
Recent revelations have highlighted critical vulnerabilities in Ivanti Endpoint Manager and SAP's NetWeaver ABAP Server, emphasizing the need for organizations to prioritize robust security measures and swift action in addressing emerging threats.
Microsoft sued a hacking group exploiting its Azure AI platform. Ivanti Endpoint Manager (EPM) has critical vulnerabilities rated at 9.8/10 on the CVSS scale. SAP released patches to resolve two critical vulnerabilities in its NetWeaver ABAP Server and ABAP Platform.
Microsoft, a leading provider of cloud computing and productivity software, has recently found itself at the center of a cybersecurity storm. In a series of devastating disclosures, the company revealed that it had sued a hacking group that was exploiting its Azure AI platform for the creation of harmful content. This development serves as a stark reminder of the ever-evolving nature of cyber threats and the importance of robust security measures.
Furthermore, a prominent endpoint security management system has been found to contain critical vulnerabilities that could potentially allow attackers to leak sensitive information. Ivanti Endpoint Manager (EPM), a widely-used tool in the cybersecurity landscape, has been identified as being susceptible to four distinct flaws. These flaws, rated at 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) scale, are rooted in EPM and concern absolute path traversal vulnerabilities that could be exploited by remote unauthenticated attackers.
These vulnerabilities have been addressed in recent security updates for both EPM 2024 January-2025 Security Update and EPM 2022 SU6 January-2025 Security Update. Notably, Ivanti has intensified its internal scanning and testing procedures to promptly flag and address security issues.
In related news, the renowned SAP corporation has announced that it had released patches to resolve two critical vulnerabilities in its NetWeaver ABAP Server and ABAP Platform. The identified vulnerabilities, denoted as CVE-2025-0070 and CVE-2025-0066 with CVSS scores of 9.9, allow authenticated attackers to exploit improper authentication checks to escalate privileges and access restricted information due to weak access controls.
In a press release, SAP emphasized the importance of prompt action in addressing these vulnerabilities by advising customers to visit the Support Portal and apply patches on priority to protect their SAP landscapes.
The emergence of this new wave of vulnerabilities highlights the imperative for organizations to adopt stringent security measures and stay vigilant against emerging threats. In an era where cybersecurity threats are increasingly sophisticated, it is essential for enterprises to invest in robust security protocols and maintain a proactive stance towards threat detection and response.
Related Information:
https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html
https://nvd.nist.gov/vuln/detail/CVE-2025-0070
https://www.cvedetails.com/cve/CVE-2025-0070/
https://nvd.nist.gov/vuln/detail/CVE-2025-0066
https://www.cvedetails.com/cve/CVE-2025-0066/
Published: Thu Jan 16 02:31:59 2025 by llama3.2 3B Q4_K_M
