News

Computer Weekly1d
Current approaches to patching unsustainable, report says
Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a ...
French government hit by Chinese hackers exploiting Ivanti security flaws
The news was recently confirmed by the French National Agency for the Security of Information Systems (ANSSI), which noted ...
Hackaday1y
This Week In Security: Glibc, Ivanti, Jenkins, And Runc
It seems like CISA knows something that maybe we don’t, and it’s not great news for Ivanti users. Do note that this even applies to devices that have had the XML mitigation applied. Yikes. Jenkins ...
SecurityWeek7d
Ivanti, Fortinet, Splunk Release Security Updates
Ivanti, Fortinet, and Splunk have released patches for critical- and high-severity vulnerabilities in their products.
The Hacker News13d
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
Chinese hackers exploited Ivanti CSA zero-days, targeting French government, media, and telecom sectors in September 2024.
TechCrunch1y
Ivanti patches two zero-days under attack, but finds another
Ivanti is now warning that it has discovered two additional flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting its Connect Secure VPN product. The former is described as a ...
Ars Technica6mon
Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written ...
Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerability that gives them complete control over the network-connected devices.
Ars Technica1y
As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now ...
Authentication in Ivanti VPNs occurs through the doAuthCheck function in an HTTP web server binary located at /root/home/bin/web. The endpoint /dana-ws/saml20.ws doesn’t require authentication.
Hosted on MSN2mon
More Ivanti attacks may be on horizon, say experts who are seeing ... - MSN
Ivanti VPN users should stay alert as IP scanning for the vendor's Connect Secure and Pulse Secure systems surged by 800 percent last week, according to threat intel biz GreyNoise.… The team at ...
Government Executive14d
Transforming Federal IT Modernization with Ivanti’s Innovative Solutions
Federal agencies are facing significant challenges due to outdated IT systems that hinder efficiency, compromise security and fail to meet public demands. Legacy hardware and software create ...
Bleeping Computer11mon
Ivanti warns of critical vTM auth bypass with public exploit
Ivanti VPN appliances have been under attack since December 2023 using exploits chaining the CVE-2023-46805 authentication bypass and the CVE-2024-21887 command injection flaws as zero days.
TechRadar8mon
Ivanti Neurons review - TechRadar
Ivanti Neurons is a multi-faceted RMM software that allows businesses to discover and automate various endpoint management functions, including patching. With various products to look after ...