CLA Blogs

Cybersecurity Blog

February, 2024

Remote Code Execution on Ivanti Products Found in the Wild
- February 19, 2024
- Javier Young
In early January, Ivanti acknowledged two critical zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in their Connect Secure and Policy Secure Gateways. These vulnerabilities open the door for remote unauthenticated code execution across all supported versions. Volexity’s investigation, which we’ve linked below, reveals active exploitation in the wild.

Read More
Abusing Unconstrained Delegation via Service Principal Name hijacking
- February 12, 2024
- Javier Young
. When conducting penetration tests, abusing delegation is one of my favorite attacks to conduct. Not only is it usually a quick and easy way to elevate privileges, but I often find that many clients do not fully understand the risks associated with delegation and perhaps more importantly, they don’t know how to detect it.

Read More

Subscribe to Blog

Protecting your data from cyber threats starts with confidentiality, integrity, and availability. CLA’s cybersecurity team understands the threats you face — and how to help keep your organization safe. Check back often to learn about risks, trends, IT security attack and defense, and mitigation and response techniques.

Get More Cybersecurity Resources
Learn How We Can Help

Recent Posts
Blog Archive
Categories
- Compliance (11)
- Data Analytics (1)
- Incident Response (13)
- Information Security (42)
- Internet Services (2)
- IT Controls (23)
- Network Security (26)
- Penetration Testing (13)
- Technology Infrastructure (18)
- Uncategorized (10)

Get to Know Us

Contact Us
Locations
Directory
About
Careers
Email Subscriptions
Global Affiliation

Get Started

Client Login
Pay CLA Bill Online
Email Subscriptions
Industries
Services
Resources
CLA Blogs
Events
Media

Call us at 1-888-529-2648.

Privacy policy, terms of use, and disclaimers
CliftonLarsonAllen Wealth Advisors, LLC disclaimers

© 2024 CliftonLarsonAllen. All rights reserved. "CliftonLarsonAllen" and "CLA" refer to CliftonLarsonAllen LLP.

Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor.

CliftonLarsonAllen is a Minnesota LLP, with more than 120 locations across the United States. The Minnesota certificate number is 00963. The California license number is 7083. The Maryland permit number is 39235. The New York permit number is 64508. The North Carolina certificate number is 26858. If you have questions regarding individual license information, please contact Elizabeth Spencer.

CLA (CliftonLarsonAllen LLP), an independent legal entity, is a network member of CLA Global, an international organization of independent accounting and advisory firms. Each CLA Global network firm is a member of CLA Global Limited, a UK private company limited by guarantee. CLA Global Limited does not practice accountancy or provide any services to clients. CLA (CliftonLarsonAllen LLP) is not an agent of any other member of CLA Global Limited, cannot obligate any other member firm, and is liable only for its own acts or omissions and not those of any other member firm. Similarly, CLA Global Limited cannot act as an agent of any member firm and cannot obligate any member firm. The names “CLA Global” and/or “CliftonLarsonAllen,” and the associated logo, are used under license.