Collaborate Disseminate
MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect Secure VPN ap… Continue reading MITRE breach details reveal attackers’ successes and failures
MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.
The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek.
Continue reading MITRE Hack: China-Linked Group Breached Systems in December 2023
MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware inf… Continue reading MITRE breached by nation-state threat actor via Ivanti zero-days
The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauth… Continue reading Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)
Ivanti releases patches for 27 vulnerabilities in the Avalanche MDM product, including critical flaws leading to command execution.
The post Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product appeared first on SecurityWeek.
Continue reading Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product
The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti. Ivanti surveyed over 7,700 executive leaders, IT and cyb… Continue reading IT and security professionals demand more workplace flexibility
Ivanti released Ivanti Neurons for External Attack Surface management (EASM), which helps combat attack surface expansion with full visibility of external-facing assets and actionable intelligence on exposures. With the evolution of Everywhere Work com… Continue reading Ivanti empowers IT and security teams with new solutions and enhancements
Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.
The post Thousands of Ivanti VPN Appliances Impacted by Rece… Continue reading Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability
Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization.
The post Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz appeared first on SecurityWeek.
Continue reading Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three mont… Continue reading Ivanti vows to transform its security operating model, reveals new vulnerabilities