Collaborate Disseminate
MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware inf… Continue reading MITRE breached by nation-state threat actor via Ivanti zero-days
The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauth… Continue reading Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)
Ivanti releases patches for 27 vulnerabilities in the Avalanche MDM product, including critical flaws leading to command execution.
The post Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product appeared first on SecurityWeek.
Continue reading Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product
The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti. Ivanti surveyed over 7,700 executive leaders, IT and cyb… Continue reading IT and security professionals demand more workplace flexibility
Ivanti released Ivanti Neurons for External Attack Surface management (EASM), which helps combat attack surface expansion with full visibility of external-facing assets and actionable intelligence on exposures. With the evolution of Everywhere Work com… Continue reading Ivanti empowers IT and security teams with new solutions and enhancements
Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.
The post Thousands of Ivanti VPN Appliances Impacted by Rece… Continue reading Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability
Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization.
The post Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz appeared first on SecurityWeek.
Continue reading Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three mont… Continue reading Ivanti vows to transform its security operating model, reveals new vulnerabilities
CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild.
The post Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Continue reading Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks
Ivanti has released patches for two critical-severity vulnerabilities leading to arbitrary command execution.
The post Ivanti Patches Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM appeared first on SecurityWeek.
Continue reading Ivanti Patches Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM