MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
ivanti
Search

Ivanti Patches Two Zero-Days Under Attack, But Finds Another

Wednesday January 31, 2024. 09:42 PM , from Slashdot
Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. From a report: Since early December, ââChinese state-backed hackers have been exploiting Ivanti Connect Secure's flaws -- tracked as CVE-2023-46805 and CVE-2024-21887 -- to break into customer networks and steal information.

Ivanti is now warning that it has discovered two additional flaws -- tracked as CVE-2024-21888 and CVE-2024-21893 -- affecting its Connect Secure VPN product. The former is described as a privilege escalation vulnerability, while the latter -- known as a zero-day because Ivanti had no time to fix the bug before hackers began exploiting it -- is a server-side bug that allows an attacker access to certain restricted resources without authentication. In its updated disclosure, Ivanti said it has observed 'targeted' exploitation of the server-side bug. Germany's Federal Office for Information Security, known as the BSI, said in a translated advisory on Wednesday that it has knowledge of 'multiple compromised systems.'

Read more of this story at Slashdot.
Read more at Slashdot
https://it.slashdot.org/story/24/01/31/1935254/ivanti-patches-two-zero-days-under-attack-but-finds-a...

Related News

ivanti Millions of smart toothbrushes used in botnet attack on company BoingBoingFeb 6
cve- Government Hackers Targeted iPhones Owners With Zero-Days, Google Says SlashdotFeb 6
bug Ivanti devices hit by wave of exploits for latest security hole TheRegisterFeb 5
hackers Boeing Finds More Misdrilled Holes On 737 In Latest Setback SlashdotFeb 5
exploiting Amazon extends the life of its servers to six years, expects $900m benefit in 90 days TheRegisterFeb 2
another LockBit shows no remorse for ransomware attack on children's hospital TheRegisterFeb 1
its Hate Speech Proliferates on YouTube in India, Research Finds Wired: Tech.Feb 1
two View Master Travels finds the exact spots old 3D photos were taken. Here's how it's done. BoingBoingFeb 1
information Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns TheRegisterJan 31
finds New GitHub Copilot Research Finds 'Downward Pressure On Code Quality' SlashdotJan 30
connect Office Mandates Don't Help Companies Make More Money, Study Finds SlashdotJan 28
flaws TSMC finds its green chips are highly sought after... the edible ones TheRegisterJan 27
said eBay tells 1,000 employees their days at company are numbered TheRegisterJan 24
patches Humans Still Cheaper Than AI in Vast Majority of Jobs, MIT Finds SlashdotJan 22
tracked Indiana man trapped in truck for 6 days describes the nightmare (video) BoingBoingJan 22
ivanti Ivanti and Juniper Networks accused of bending the rules with CVE assignments TheRegisterJan 22
cve- US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked Wired: Tech.Jan 20
bug Intel finds a friend in fight against $1.2B EU antitrust fine TheRegisterJan 19
hackers Greenland's Ice Sheet Melting Faster Than Scientists Previously Estimated, Study Finds SlashdotJan 19
exploiting Bing Gained Less Than 1% Market Share Since Adding Bing Chat, Report Finds SlashdotJan 19
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
May, Mon 20 - 07:39 CEST