Ivanti

Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor

backdoor, exploited, Ivanti, Malware & Threats /

Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor 2024-02-13 at 15:31 By Ionut Arghire Backdoor deployed using recent Ivanti VPN vulnerability enables command execution, web request and system log theft. The post Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original […]

React to this headline:

Loading spinner

Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor Read More »

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)

backdoor, Don't miss, exploit, Hot stuff, Ivanti, News, Orange Cyberdefense, vulnerability /

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893) 2024-02-13 at 13:01 By Helga Labus Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation Ivanti disclosed CVE-2024-21893 – a server-side request

React to this headline:

Loading spinner

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893) Read More »

Exploitation of Another Ivanti VPN Vulnerability Observed

exploited, Featured, Ivanti, PoC, Vulnerabilities /

Exploitation of Another Ivanti VPN Vulnerability Observed 2024-02-12 at 13:01 By Ionut Arghire Organizations urged to hunt for potential compromise as exploitation of a recent Ivanti enterprise VPN vulnerability begins. The post Exploitation of Another Ivanti VPN Vulnerability Observed appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Exploitation of Another Ivanti VPN Vulnerability Observed Read More »

Ivanti Patches High-Severity Vulnerability in VPN Appliances

Ivanti, Vulnerabilities /

Ivanti Patches High-Severity Vulnerability in VPN Appliances 2024-02-09 at 15:17 By Ionut Arghire An XXE flaw in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways could lead to unauthenticated access to resources. The post Ivanti Patches High-Severity Vulnerability in VPN Appliances appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Ivanti Patches High-Severity Vulnerability in VPN Appliances Read More »

February 2024 Patch Tuesday forecast: Zero days are back and a new server too

ACROS Security, Adobe Acrobat, apple, Chrome, cybersecurity, Don't miss, Expert analysis, Expert corner, Firefox, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, patch, Patch Tuesday, security update /

February 2024 Patch Tuesday forecast: Zero days are back and a new server too 2024-02-09 at 08:32 By Mirko Zorz January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new

React to this headline:

Loading spinner

February 2024 Patch Tuesday forecast: Zero days are back and a new server too Read More »

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)

Don't miss, exploit, Hot stuff, Ivanti, News, Shadowserver, vulnerability /

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) 2024-02-07 at 12:16 By Zeljka Zorz CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attackers to bypass authentication requirements and access certain restricted

React to this headline:

Loading spinner

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) Read More »

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products

CISA KEV, Ivanti, Malware & Threats, VPN, Vulnerabilities, Zero-Day /

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products 2024-02-01 at 19:01 By Ryan Naraine In an unprecedented move, CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The post CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products appeared first

React to this headline:

Loading spinner

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products Read More »

After Delays, Ivanti Patches Zero-Days and Confirms New Exploit

CISA KEV, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, Featured, Ivanti, Malware & Threats, Vulnerabilities /

After Delays, Ivanti Patches Zero-Days and Confirms New Exploit 2024-01-31 at 19:47 By Ryan Naraine Ivanti documents a brand-new zero-day and belatedly ships patches; Mandiant is reporting “broad exploitation activity.” The post After Delays, Ivanti Patches Zero-Days and Confirms New Exploit appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

After Delays, Ivanti Patches Zero-Days and Confirms New Exploit Read More »

Ivanti Struggling to Hit Zero-Day Patch Release Schedule

CISA, CVE-2023-46805, CVE-2024-21887, Ivanti, Nation-State, Volexity, Vulnerabilities /

Ivanti Struggling to Hit Zero-Day Patch Release Schedule 2024-01-29 at 22:15 By Ryan Naraine Ivanti is struggling to hit its own timeline for the delivery of patches for critical — and already exploited — flaws in its flagship VPN appliances. The post Ivanti Struggling to Hit Zero-Day Patch Release Schedule appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Ivanti Struggling to Hit Zero-Day Patch Release Schedule Read More »

CISA Issues Emergency Directive on Ivanti Zero-Days

CISA, CVE-2023-46805, CVE-2024-21887, Ivanti, Malware & Threats, Volexity, Vulnerabilities /

CISA Issues Emergency Directive on Ivanti Zero-Days 2024-01-19 at 23:31 By Ryan Naraine The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities. The post CISA Issues Emergency Directive on Ivanti Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

CISA Issues Emergency Directive on Ivanti Zero-Days Read More »

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

CISA, Don't miss, endpoint management, exploit, GreyNoise, Ivanti, News, Rapid7, vulnerability /

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) 2024-01-19 at 19:49 By Zeljka Zorz A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities

React to this headline:

Loading spinner

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) Read More »

Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases

exploited, Ivanti, Vulnerabilities /

Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases 2024-01-19 at 13:16 By Eduard Kovacs The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another vulnerability is added to exploited list. The post Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases appeared first

React to this headline:

Loading spinner

Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases Read More »

1,700 Ivanti VPN devices compromised. Are yours among them?

0-day, APT, Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, News, SMBs, threat hunting, Volexity, VPN, web shell /

1,700 Ivanti VPN devices compromised. Are yours among them? 2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit

React to this headline:

Loading spinner

1,700 Ivanti VPN devices compromised. Are yours among them? Read More »

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

exploited, Featured, Ivanti, Malware & Threats, Zero-Day /

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins 2024-01-16 at 12:46 By Eduard Kovacs The recently disclosed Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and tech. The post Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins Read More »

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout

China, espionage, Ivanti, Malware & Threats, Zero-Day /

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout 2024-01-12 at 13:16 By Eduard Kovacs Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release. The post Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout Read More »

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

0-day, APT, backdoor, Don't miss, enterprise, Hot stuff, Ivanti, News, Volexity, VPN, web shell /

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) 2024-01-11 at 13:46 By Zeljka Zorz Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be mitigated by importing mitigation.release.20240107.1.xml

React to this headline:

Loading spinner

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) Read More »

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

Ivanti, Nation-State, Volexity, VPN, Vulnerabilities, Zero-Day /

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days 2024-01-11 at 00:01 By Ryan Naraine Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won’t be available until January 22. The post Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days Read More »

Ivanti Patches Critical Vulnerability in Endpoint Manager

Ivanti, Vulnerabilities /

Ivanti Patches Critical Vulnerability in Endpoint Manager 2024-01-05 at 14:17 By Ionut Arghire CVE-2023-39336, a critical vulnerability in Ivanti EPM, may lead to device takeover and code execution on the server. The post Ivanti Patches Critical Vulnerability in Endpoint Manager appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Ivanti Patches Critical Vulnerability in Endpoint Manager Read More »

January 2024 Patch Tuesday forecast: A Focus on Printing

Adobe, apple, cybersecurity, Don't miss, Expert analysis, Expert corner, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, opinion, Patch Tuesday, predictions /

January 2024 Patch Tuesday forecast: A Focus on Printing 2024-01-05 at 08:16 By Help Net Security Happy 2024 Everyone! I hope everyone is looking forward to another exciting year in the ever-changing world of IT operations and software security. This article aims to provide a quick summary of some of the latest trends, announcements, and

React to this headline:

Loading spinner

January 2024 Patch Tuesday forecast: A Focus on Printing Read More »

Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product

Ivanti, Vulnerabilities, vulnerability /

Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product 21/12/2023 at 15:32 By Eduard Kovacs Ivanti has patched 20 vulnerabilities in its Avalanche MDM product, including a dozen remote code execution flaws rated critical. The post Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product Read More »

Scroll to Top