#ivanti

[ follow ]
TechCrunch
3 months ago
Information security

Researchers say attackers are mass-exploiting new Ivanti VPN flaw | TechCrunch

Hackers are mass exploiting a third vulnerability in Ivanti's VPN appliance, affecting thousands of organizations worldwide.
One of the newly discovered flaws is a server-side request forgery flaw, which is being actively exploited by hacking groups. [ more ]
vulnerabilities
Ars Technica
3 months ago
Information security

As if two Ivanti vulnerabilities under explot wasn't bad enough, now there are 3

Mass exploitation has begun for a critical vulnerability in Ivanti's VPN software, which comes as two other vulnerabilities are already being exploited.
The new vulnerability, tracked as CVE-2024-21893, is a server-side request forgery that has seen a rapid increase in attacks since its disclosure. [ more ]
Axios
4 months ago
Privacy professionals

Researchers warn suspected China-backed hackers are targeting flaws in Invanti VPN tools

Hackers are actively exploiting vulnerabilities in Ivanti's products, potentially impacting its 40,000 customers.
A Chinese state-backed hacking group is suspected of targeting these vulnerabilities to access companies' networks. [ more ]
morevulnerabilities
cybersecurity
Nextgov.com
3 months ago
Information security

Agencies must disconnect all exposed Ivanti products by Friday, CISA says

CISA has directed federal agencies to disconnect from Ivanti products due to new security vulnerabilities.
China-linked hackers have attempted to exploit these vulnerabilities since at least December. [ more ]
Nextgov.com
3 months ago
Privacy professionals

CISA directs agencies to mitigate widespread VPN bugs

Federal civilian agencies are under emergency orders to address recently discovered flaws in a widely used VPN appliance from Ivanti that is being targeted by hackers linked to China.
The vulnerability allows deep access into the target network, enabling data exfiltration or persistence for other malicious activities. [ more ]
Theregister
4 months ago
Information security

China-backed attackers blamed for Ivanti zero-day exploits

Chinese nation-state attackers are actively exploiting zero-day vulnerabilities in Ivanti security products.
The vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure allow for code execution and bypass authentication. [ more ]
TechCrunch
4 months ago
Information security

State-backed hackers are exploiting new Ivanti VPN zero-days - but no patches yet | TechCrunch

Hackers are exploiting two critical vulnerabilities in Ivanti's corporate VPN appliance.
Ivanti confirmed that patches for the vulnerabilities will not be available until the end of the month. [ more ]
morecybersecurity
CyberScoop
3 months ago
Privacy professionals

CISA orders Ivanti devices targeted by Chinese hackers be disconnected

Federal agencies running Ivanti Connect Secure or Ivanti Policy Secure devices must disconnect them due to cyber espionage linked to China.
CISA has issued instructions for updating and bringing the devices back online. [ more ]
[ Load more ]