#ConnectSecureVPN

More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll

by

January 31, 2024 at 03:39PM Ivanti has patched the original set of zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in its Connect Secure VPN appliances, but more fixes will be rolled out on a staggered schedule. The company is also addressing two new bugs (CVE-2024-21888 and CVE-2024-21893) with the latter under active exploitation. Organizations are urged to … Read more

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

by

January 10, 2024 at 08:03PM Volexity warned of Chinese hackers exploiting zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in Ivanti Connect Secure VPN. It affected fully patched appliances, with pre-patch mitigations provided. The attackers used these exploits to execute commands, steal data, and gain access to network systems. Volexity discovered and described the attacker’s methods. From the … Read more