Ivanti

MITRE breached by nation-state threat actor via Ivanti zero-days

data breach, Don't miss, Hot stuff, Incident Response, Ivanti, Mandiant, MITRE, News, Volexity /

MITRE breached by nation-state threat actor via Ivanti zero-days 2024-04-22 at 15:16 By Zeljka Zorz MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is […]

React to this headline:

Loading spinner

MITRE breached by nation-state threat actor via Ivanti zero-days Read More »

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

CVE, Don't miss, Hot stuff, Ivanti, News, remote management, Tenable, vulnerability /

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) 2024-04-18 at 15:02 By Zeljka Zorz The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary

React to this headline:

Loading spinner

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) Read More »

Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product

Ivanti, Vulnerabilities /

Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product 2024-04-17 at 15:46 By Ionut Arghire Ivanti releases patches for 27 vulnerabilities in the Avalanche MDM product, including critical flaws leading to command execution. The post Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product Read More »

IT and security professionals demand more workplace flexibility

hybrid workforce, Ivanti, News, report, survey /

IT and security professionals demand more workplace flexibility 2024-04-17 at 06:01 By Help Net Security The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti. Ivanti surveyed over 7,700 executive leaders, IT and cybersecurity

React to this headline:

Loading spinner

IT and security professionals demand more workplace flexibility Read More »

Ivanti empowers IT and security teams with new solutions and enhancements

Industry news, Ivanti /

Ivanti empowers IT and security teams with new solutions and enhancements 2024-04-11 at 17:01 By Industry News Ivanti released Ivanti Neurons for External Attack Surface management (EASM), which helps combat attack surface expansion with full visibility of external-facing assets and actionable intelligence on exposures. With the evolution of Everywhere Work comes an increasingly complex threat

React to this headline:

Loading spinner

Ivanti empowers IT and security teams with new solutions and enhancements Read More »

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability

CVE-2024-21894, Ivanti, Network Security, VPN, Vulnerabilities /

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability 2024-04-08 at 18:01 By Ionut Arghire Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution. The post Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability Read More »

Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz

CVE-2023-46805, CVE-2024-21887, Government, Ivanti, Nation-State, Pulse Secure, Vulnerabilities, Zero-Day /

Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz 2024-04-04 at 22:31 By Ryan Naraine Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization. The post Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz Read More »

Ivanti vows to transform its security operating model, reveals new vulnerabilities

Don't miss, enterprise, Hot stuff, Ivanti, News, VPN, vulnerability, vulnerability management /

Ivanti vows to transform its security operating model, reveals new vulnerabilities 2024-04-04 at 16:02 By Zeljka Zorz Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three months

React to this headline:

Loading spinner

Ivanti vows to transform its security operating model, reveals new vulnerabilities Read More »

Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks

exploited, Featured, Fortinet, Ivanti, Vulnerabilities /

Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks 2024-03-26 at 12:46 By Eduard Kovacs CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild. The post Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks Read More »

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

Don't miss, enterprise, Hot stuff, Ivanti, NATO, News, security update, vulnerability /

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) 2024-03-20 at 21:01 By Zeljka Zorz Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly

React to this headline:

Loading spinner

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) Read More »

March 2024 Patch Tuesday forecast: A popular framework updated

Adobe, apple, cybersecurity, Don't miss, Expert analysis, Expert corner, Google, Hot stuff, Ivanti, Microsoft, News, patch, Patch Tuesday, security update /

March 2024 Patch Tuesday forecast: A popular framework updated 2024-03-08 at 08:47 By Help Net Security We’re almost at our third Patch Tuesday and wrapping up the first quarter 2024. Time flies by! Microsoft is starting to push users to update their operating systems as their active version is approaching end-of-support. The February 2024 Patch

React to this headline:

Loading spinner

March 2024 Patch Tuesday forecast: A popular framework updated Read More »

Governments Urge Organizations to Hunt for Ivanti VPN Attacks

Government, Ivanti, Malware & Threats /

Governments Urge Organizations to Hunt for Ivanti VPN Attacks 2024-03-01 at 16:01 By Ionut Arghire Credentials stored on Ivanti VPN appliances impacted by recent vulnerabilities are likely compromised, government agencies say. The post Governments Urge Organizations to Hunt for Ivanti VPN Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Governments Urge Organizations to Hunt for Ivanti VPN Attacks Read More »

Chinese Cyberspies Use New Malware in Ivanti VPN Attacks

China, espionage, Ivanti, Malware & Threats, Nation-State /

Chinese Cyberspies Use New Malware in Ivanti VPN Attacks 2024-02-28 at 14:52 By Ionut Arghire Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades. The post Chinese Cyberspies Use New Malware in Ivanti VPN Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Chinese Cyberspies Use New Malware in Ivanti VPN Attacks Read More »

State-sponsored hackers know enterprise VPN appliances inside out

attacks, cyber espionage, Don't miss, enterprise, Fortinet, government-backed attacks, Hot stuff, Ivanti, Mandiant, News, threat, Threat Intelligence /

State-sponsored hackers know enterprise VPN appliances inside out 2024-02-28 at 14:19 By Zeljka Zorz Suspected Chinese state-sponsored hackers who have been leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters. They were able to perform a

React to this headline:

Loading spinner

State-sponsored hackers know enterprise VPN appliances inside out Read More »

Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor

backdoor, exploited, Ivanti, Malware & Threats /

Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor 2024-02-13 at 15:31 By Ionut Arghire Backdoor deployed using recent Ivanti VPN vulnerability enables command execution, web request and system log theft. The post Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor Read More »

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)

backdoor, Don't miss, exploit, Hot stuff, Ivanti, News, Orange Cyberdefense, vulnerability /

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893) 2024-02-13 at 13:01 By Helga Labus Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation Ivanti disclosed CVE-2024-21893 – a server-side request

React to this headline:

Loading spinner

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893) Read More »

Exploitation of Another Ivanti VPN Vulnerability Observed

exploited, Featured, Ivanti, PoC, Vulnerabilities /

Exploitation of Another Ivanti VPN Vulnerability Observed 2024-02-12 at 13:01 By Ionut Arghire Organizations urged to hunt for potential compromise as exploitation of a recent Ivanti enterprise VPN vulnerability begins. The post Exploitation of Another Ivanti VPN Vulnerability Observed appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Exploitation of Another Ivanti VPN Vulnerability Observed Read More »

Ivanti Patches High-Severity Vulnerability in VPN Appliances

Ivanti, Vulnerabilities /

Ivanti Patches High-Severity Vulnerability in VPN Appliances 2024-02-09 at 15:17 By Ionut Arghire An XXE flaw in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways could lead to unauthenticated access to resources. The post Ivanti Patches High-Severity Vulnerability in VPN Appliances appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Ivanti Patches High-Severity Vulnerability in VPN Appliances Read More »

February 2024 Patch Tuesday forecast: Zero days are back and a new server too

ACROS Security, Adobe Acrobat, apple, Chrome, cybersecurity, Don't miss, Expert analysis, Expert corner, Firefox, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, patch, Patch Tuesday, security update /

February 2024 Patch Tuesday forecast: Zero days are back and a new server too 2024-02-09 at 08:32 By Mirko Zorz January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new

React to this headline:

Loading spinner

February 2024 Patch Tuesday forecast: Zero days are back and a new server too Read More »

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)

Don't miss, exploit, Hot stuff, Ivanti, News, Shadowserver, vulnerability /

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) 2024-02-07 at 12:16 By Zeljka Zorz CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attackers to bypass authentication requirements and access certain restricted

React to this headline:

Loading spinner

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) Read More »

Scroll to Top