#PatchDelays

Ivanti Zero-Day Patches Delayed as ‘KrustyLoader’ Attacks Mount

by

January 30, 2024 at 06:27PM Attacks are exploiting zero-day vulnerabilities in Ivanti VPNs allowing remote code execution and authentication bypass. Rust-based backdoors are being deployed, downloading a backdoor malware, “KrustyLoader.” Chinese state-sponsored APT actors are exploiting these bugs worldwide. Patches for the vulnerabilities (CVE-2024-21887 and CVE-2023-46805) have been delayed, with Ivanti targeting a release this … Read more

Ivanti Struggling to Hit Zero-Day Patch Release Schedule

by

January 29, 2024 at 03:06PM Ivanti is facing delays in delivering patches for critical vulnerabilities in its Connect Secure VPN appliances, which have already been exploited. The company missed its promised timeline and now aims to release patches next week. The delays come after Chinese hackers exploited zero-day vulnerabilities, raising concerns for US government agencies … Read more