Navigation
Search
|
State-backed Hackers Are Exploiting New Ivanti VPN Zero-Days - But No Patches Yet
Thursday January 11, 2024. 07:00 PM , from Slashdot/Apple
U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won't be available until the end of the month. From a report: Ivanti said the two vulnerabilities -- tracked as CVE-2023-46805 and CVE-2024-21887 -- were found in its Ivanti Connect Secure software. Formerly known as Pulse Connect Secure, this is a remote access VPN solution that enables remote and mobile users to access corporate resources over the internet. Ivanti said it is aware of 'less than 10 customers' impacted so far by the 'zero day' vulnerabilities, described as such given Ivanti had zero time to fix the flaws before they were maliciously exploited.
Read more of this story at Slashdot.
https://tech.slashdot.org/story/24/01/11/1735207/state-backed-hackers-are-exploiting-new-ivanti-vpn-...
Related News |
46 sources
Current Date
May, Fri 3 - 15:12 CEST
|