Google offers free access to fuzzing framework

Google offers free access to fuzzing framework

Fuzzing can be a valuable tool for ferreting out zero-day vulnerabilities in software. In hopes of encouraging its use by developers and researchers, Google announced Wednesday it’s now offering free access to its fuzzing framework, OSS-Fuzz. According to Google, tangible security improvements can be obtained by using the framework to automate the manual aspects of … Read more

US government agencies ordered to take Ivanti VPN products offline

US government agencies ordered to take Ivanti VPN products offline

In January, Ivanti alerted customers that hackers were exploiting two zero-day vulnerabilities in its Ivanti Connect Secure and Ivanti Policy Secure. This week the company revealed that two other vulnerabilities were discovered in the meantime, with one already being exploited in targeted attacks. Even though patches are now available for all four vulnerabilities, the US … Read more

CISA: Federal Agencies Must Disconnect Vulnerable Ivanti Appliances

CISA: Federal Agencies Must Disconnect Vulnerable Ivanti Appliances

CISA on Wednesday told federal agencies to temporarily disconnect all instances of Ivanti Connect Secure and Policy Secure appliances from agency networks within 48 hours, as Ivanti continues to grapple with two widely exploited vulnerabilities in these products. The new guidance comes less than two weeks after CISA issued an emergency directive giving federal agencies … Read more

Categories duo
jsplaces