News

Bleeping Computer9mon
Ivanti warns of three more CSA zero-days exploited in attacks - BleepingComputer
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
Bleeping Computer1y
Ivanti warns of critical flaws in its Avalanche MDM solution - BleepingComputer
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote ...
CRN1y
Ivanti Discloses Fifth Major VPN Vulnerability In A Month - CRN
Ivanti published details Thursday on a new, high-severity flaw that impacts its Connect Secure VPN devices — the fifth such vulnerability disclosed over the past month.
TechCrunch1y
Ivanti patches two zero-days under attack, but finds another
Ivanti is now warning that it has discovered two additional flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting its Connect Secure VPN product. The former is described as a ...
Ars Technica1y
Agencies using vulnerable Ivanti products have until Saturday to disconnect them - Ars Technica
Ivanti disclosed two new critical vulnerabilities in Connect Secure on Wednesday, tracked as CVE-2024-21888 and CVE-2024-21893. The company said that CVE-2024-21893—a class of vulnerability ...
Government Executive4d
Transforming Federal IT Modernization with Ivanti’s Innovative Solutions - Government Executive
Adopting Ivanti’s solutions provides federal agencies with numerous benefits, including cost savings, reduced duplicative spending and streamlined IT operations.
TechCrunch1y
Ivanti warns customers another zero-day is under active attack
U.S. software giant Ivanti has scrambled to patch another zero-day vulnerability under active attack. The vulnerability, tracked as CVE-2023-38035 with a vulnerability severity rating of 9.8 out ...
TechRadar6mon
Ivanti warns it has found another major security flaw in its systems
Ivanti patches two zero-days that could lead to RCE in Endpoint Manager Mobile To address the flaw, users should upgrade their appliances to version 5.0.3 - but fortunately there is still no ...
Infosecurity-magazine.com1y
Two Ivanti Zero-Days Actively Exploited in the Wild
Ivanti products have previously been exploited by suspected Chinese state hackers. In July, they targeted CVE-2023-35078 and CVE-2023-35081 in the firm’s Endpoint Manager Mobile (EPMM) product to ...
TechRepublic1y
New Ivanti Secure VPN Zero-Day Vulnerabilities and Patches - TechRepublic
Read details about the new Ivanti VPN zero-day vulnerabilities, along with the latest information about patches. Most of the exposed VPN appliances are reported to be in the U.S., followed by ...
Infosecurity-magazine.com1y
Ivanti Zero-Days Exploited By Multiple Actors Globally
Ivanti first published an advisory about the two zero-days on January 10. At the time, it said that fewer than 10 customers were impacted by exploitation of CVE-2023-46805 and CVE-2024-21887: two ...
Hackaday1y
This Week In Security: Glibc, Ivanti, Jenkins, And Runc
It seems like CISA knows something that maybe we don’t, and it’s not great news for Ivanti users. Do note that this even applies to devices that have had the XML mitigation applied. Yikes. Jenkins ...