Two serious zero-day flaws in Ivanti Endpoint Manager Mobile (EPMM) let people run code remotely without having to log in. The flaws are in parts that run before authentication, which lets attackers run any command they want without valid credentials. On February 9, attackers were able to fully compromise a system and steal data in just six seconds, according to one report.

It is much harder to find things when automated scanning, in-memory payload execution, and fileless techniques are used. Organizations that use EPMM should immediately apply patches, limit access to management interfaces from outside the organization, and keep an eye out for strange HTTP requests or file changes that aren't authorized. The incident shows a larger trend: modern attackers value speed, automation, and stealth, which makes it harder to find them in just a few seconds.

Call 1-800-273-8255 or go to http://www.suicidepreventionlifeline.org/ for private help. If you need help in the U.S., call 1-877-788-8888 or go to http://www.suicidespreventionlifeline.com/. In the UK, you can get private help by calling the Samaritans at 08457 90 90 90, going to a local branch, or clicking here.

If you need help in Europe, go to the Samaritans' website or click here. If you need help in the U.K., go to www.samaritans.org or call the U.K. number 0800 0800 909090.