MITRE Hack: China-Linked Group Breached Systems in December 2023

May 7, 2024 at 04:15AM

MITRE disclosed details of a recent hack targeting its NERVE network, including the use of Ivanti zero-day vulnerabilities and attribution to a Chinese cyberespionage group. The attack involved manipulating virtual machines, deploying malicious payloads and preparing for data exfiltration. MITRE shared technical details on the malware and indicators of compromise. …

Over 13,000 Ivanti gateways vulnerable to actively exploited bugs

February 15, 2024 at 10:33AM

Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple high to critical security issues. The flaws include authentication bypass, server-side request forgery, arbitrary command execution, and command injection problems. Despite available security updates, a large number of endpoints are still exposed to these vulnerabilities, increasing the risk …

After Delays, Ivanti Patches Zero-Days and Confirms New Exploit

January 31, 2024 at 12:48PM

Ivanti is urgently addressing two high-severity vulnerabilities in its Connect Secure and Policy Secure VPN products, discovered during the investigation of zero-day attacks. The company has started rolling out patches for critical bugs and issued an alert to its customers to test and deploy available fixes promptly. Digital forensics firm …