CRN

CISA: Attackers Are Bypassing Ivanti VPN Bug Mitigations

As Ivanti Connect Secure customers await delayed patches, threat actors have ‘developed workarounds to current mitigations,’ the U.S. cybersecurity agency says. Malicious actors have “recently” ...
Computer Weekly

Ivanti vulnerabilities explained: Everything you need to know

At the end of 2023 and into 2024, a series of vulnerabilities in Ivanti Policy Secure network access control (NAC), Ivanti Connect Secure secure socket layer virtual private network (SSL VPN), and ...
CRN

Ivanti VPN Vulnerabilities Seeing ‘Mass Exploitation:’ Researchers

While no patches are available yet, Ivanti urged customers to ‘apply the mitigation immediately,’ with threat actors now exploiting the flaws to carry out worldwide attacks. Volexity researchers who ...
Infosecurity-magazine.com

Critical Ivanti Zero-Day Exploited in the Wild

The UK’s National Cyber Security Centre (NCSC) and its US equivalent have urged Ivanti customers to take immediate action to mitigate two new vulnerabilities, one of which is being actively exploited.
Ars Technica

Agencies using vulnerable Ivanti products have until Saturday to disconnect them

Federal civilian agencies have until midnight Saturday morning to sever all network connections to Ivanti VPN software, which is currently under mass exploitation by multiple threat groups. The US ...
Dark Reading

Ivanti Keeps Security Teams Scrambling With 2 More Vulns

Ivanti, whose products have been a big target for attackers recently, has disclosed two more critical vulnerabilities in its technologies — raising more questions about the security of its products in ...
Bleeping Computer

Ivanti fixes three critical flaws in Connect Secure & Policy Secure

Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical ...