January 15, 2024 at 08:07PM Volexity discovered mass exploitation of two zero-day vulnerabilities affecting Ivanti’s Connect Secure VPN and Policy Secure NAC appliances. The attacks by multiple threat groups have targeted organizations worldwide, including Fortune 500 companies and government departments. Mitigation measures and a list of malicious tools used in the attacks have been provided. … Read more
January 10, 2024 at 01:59PM Ivanti has disclosed two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure products. The CVE-2023-46805 flaw bypasses authentication, while CVE-2024-21887 allows arbitrary command execution. Chaining the two enables attackers to run commands without authentication. Ivanti is working on patches, with mitigation available until then. The company reports limited … Read more
January 5, 2024 at 03:27AM Ivanti has issued security updates for a critical flaw in its Endpoint Manager solution, posing a remote code execution risk. The vulnerability, rated 9.6 on the CVSS scale, affects EPM 2021 and 2022 prior to SU5. Ivanti also addressed multiple security flaws in its Avalanche enterprise mobile device management solution, … Read more