March 8, 2024
CVEs: CVE-2024-1708; CVE-2024-1709 Summary On Feb. 13, 2024, ConnectWise was notified of two vulnerabilities in their remote access tool ScreenConnect. On Feb. 19, 2024, ConnectWise publicly disclosed two new high severity and critical vulnerabilities patched in its remote access tool ScreenConnect Version 23.9.8, with the following CVEs: CVE-2024-1708 Path-Traversal vulnerability (CWE-22) and CVE-2024-1709 Authentication Bypass vulnerability (CWE-288). These vulnerabilities can be exploited to deliver Remote Access Trojans (RATs), Ransomware, Cryptocurrency miners, Stealer malware and many others. CVE Description CVSSv3 Severity CVE-2024- 1709 (CWE-288) Authentication Bypass Using Alternate Path or Channel 10.0 Critical CVE-2024- 1708 (CWE-22) Improper Limitation of a Pathname to…
February 28, 2024
Summary This security bulletin focuses on understanding the sophisticated exploitation of critical n-day and zero-day vulnerabilities in VPN and other network devices by state-sponsored threat actors, reinforcing the urgency for organizations to prioritize patching vulnerabilities in appliances known to be targeted. The recent exploitation of the critical FortiOS vulnerability followed a disclosure by CISA and other federal agencies revealing that China-linked threat group Volt Typhoon has been known to exploit network appliances from several vendors including Fortinet. Fortinet released a blog post to coincide with the U.S. agencies’ advisory, which pointed to “the need for organizations to have a robust…
Senior Product Manager
February 22, 2024
Securing the over three billion IoT devices globally connected to corporate systems via mobile networks presents a formidable and growing challenge for organizations worldwide. Driven by the adoption of newer IoT-specific cell technologies like LTE-M, NB-IoT, and LTE-Cat 1, along with a boom in 5G module shipments as older 2G and 3G modules are phased out, the number of cell-connected IoT devices is growing 27 percent a year, taking market share from Wi-Fi and Bluetooth connections. My recent collaboration with the network and security team of one of our industrial customers provided a front-row seat to the complexities of safeguarding…
February 15, 2024
Introduction: Interest in SASE has exploded with CIOs and CISOs alike. The promise of dramatic cost reductions, security improvements and improved agility delivered by a converged networking (SD-WAN) and security (SSE) infrastructure is compelling. However, today’s SASE solutions are commonly delivered on a shared global infrastructure of PoPs provisioned by a handful of technology vendors. This approach doesn’t always meet everyone’s requirements. A “shared” SASE approach is generally good enough for many companies, delivering unified networking and security capabilities with fast time to market and cloud/SaaS economics. But because these shared services lack any ability to control and manage service…
February 7, 2024
CVEs: CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893 Summary Recently, Ivanti Connect Secure appliances have faced active exploitation through a series of linked vulnerabilities of high or critical severity. On January 10, 2024, Ivanti disclosed two new vulnerabilities in its Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 (high severity authentication bypass vulnerability) and CVE-2024-21887 (critical severity command injection vulnerability).
January 24, 2024
To 100G and Beyond: The Next Frontier for SASE In the ever-evolving landscape of enterprise networking and security, a significant transformation is underway. Siloed, point product infrastructures are giving way to a Secure Access Service Edge (SASE) approach, driven by the rapid adoption of cloud technologies, the increased reliance on collaboration tools, and the emergence of hybrid work models.
January 17, 2024
Cyber adversaries will stop at nothing to compromise any military systems, data, and missions. That’s why the U.S. Department of Defense (DOD) is adopting zero trust—a security framework that presumes networks are compromised and counters threats by design. All DOD organizations are expected to achieve “Target Level” Zero Trust Architecture by 2027. This requires multiple security functions to identify, authenticate, and authorize users or devices based on posture to securely connect to applications. As a result, the DOD turned to Booz Allen and Versa Networks to develop a security hardened Zero Trust Edge approach that will transform the DOD’s infrastructure…
Systems Engineer, Versa Networks
January 5, 2024
In today’s digital era, businesses require seamless connectivity and optimal application performance across their globally dispersed sites to stay productive. Combining Versa Networks Software-Defined Wide Area Networking (SD-WAN) with Hyperscalers‘ “private highways” is an innovative approach to achieve this goal.
Chief Marketing Officer, Versa Networks
December 14, 2023
Looking to learn the signs why its time to consider a new SD-WAN? Explore the key indicators that your current SD-WAN might be falling short here!
Versa Networks
December 6, 2023
Zero Trust is widely considered to be the future of security for protecting networks, systems and data in both commercial and public sector organizations. The U.S. Department of Defense (DoD) has been making significant strides in modernizing its cybersecurity infrastructure in response to a presidential mandate to adopt a Zero Trust architecture.