CRN

Ivanti Rolls Out First Patch For VPN Flaws, Discloses New Zero Days

The company says the newly released patch will address the two previously announced Connect Secure vulnerabilities as well as two additional flaws. Ivanti released the first patch for a pair of widely ...
techtimes

Ivanti Firmware Appears to Be Vulnerable to Multiple Security Flaws: Here's the Alarming Part

Ivanti Connect Secure and Policy Secure endpoints have been left vulnerable to a series of security flaws, posing significant risks to organizations relying on these products for secure access and ...
Bleeping Computer

Ivanti: Patch new Connect Secure auth bypass bug immediately

Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw ...
CSOonline

Attackers target new Ivanti XXE vulnerability days after patch

The new vulnerabilities were introduced by a fix for the previous Ivanti flaws, and customers are urged to install a new update. Days after Ivanti announced patches for a new vulnerability in its ...
Ars Technica

As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3

Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN software sold by Ivanti, as hackers already targeting two previous vulnerabilities diversified, ...
Dark Reading

CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog

One of the latest vulnerabilities that the Cybersecurity and Infrastructure Security Agency has added to the Known Exploited Vulnerabilities Catalog is CVE-2024-29824, found in the Ivanti Endpoint ...
Ars Technica

Agencies using vulnerable Ivanti products have until Saturday to disconnect them

Federal civilian agencies have until midnight Saturday morning to sever all network connections to Ivanti VPN software, which is currently under mass exploitation by multiple threat groups. The US ...