Ivanti, a cybersecurity company, is rushing to patch four new vulnerabilities in its Connect Secure and Policy Secure products after facing a series of security failures. The company has committed to a secure-by-design overhaul to strengthen its products against cyber threats, especially from China-based hacker groups exploiting zero-day flaws. Researchers have identified multiple hacker groups targeting Ivanti's security flaws, with vulnerabilities like CVE-2023-46805 and CVE-2024-21887 being actively abused. Shadowserver reports scanning vulnerable Ivanti Connect Secure instances, including heap overflow vulnerabilities potentially leading to remote code execution. Mandiant experts have analyzed post-exploitation activities on vulnerable Ivanti appliances, emphasizing the importance of cybersecurity practices in preventing further breaches.
More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894: https://t.co/V1dT2msR3n by Security Affairs #infosec #cybersecurity #technology #news
New Ivanti RCE flaw may impact 16,000 exposed VPN gateways https://t.co/PNkt4T2cAz
Ivanti will revamp its cybersecurity practices after hackers recently exploited flaws in some of the company's remote access tools. This cybersecurity breach could lead to hacks of government agencies and other companies. https://t.co/aymtuOuEOJ
Ivanti CEO Pledges To Fundamentally Transform Its Hard-Hit Security Model https://t.co/c9Lu7cJirs
Ivanti, following years of critical VPN exploits, pledges βnew eraβ of security https://t.co/3b39bg8wLB
In the latest blog post, #Mandiant experts dissect post-exploitation activities observed on vulnerable Ivanti Connect Secure appliances. Gain expert insights and recommendations. Read the blog: https://t.co/woBi89WJlu #Cybersecurity #ThreatIntelligence
Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities https://t.co/Q73oKgbREI
We are now scanning/reporting Ivanti Connect Secure instances vulnerable to CVE-2024-21894 (heap overflow potentially leading to RCE) & others described in https://t.co/wu0PSvISg4 ~16 500 likely vulnerable (~4.6K in US): https://t.co/456gKzGMsn Data in: https://t.co/qxv0Gv5ELc https://t.co/cK0dbr4Nkb
Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws https://t.co/YVsgfDzRZ0
Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws: https://t.co/i6StcZWZtp by The Hacker News #infosec #cybersecurity #technology #news
π Multiple China-based hackers are on a spree exploiting zero-day flaws in Ivanti appliances. Vulnerabilities CVE-2023-46805, CVE-2024-21887, CVE-2024-21893 are being abused. Learn more: https://t.co/t39VJjvdbG Even financially motivated groups are in on the action.
Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed: https://t.co/eg1biKH6sF by darkreading #infosec #cybersecurity #technology #news
After spending months grappling with a string of gateway appliance security failures, @GoIvanti has vowed to reengineer its processes to harden its products against increasingly persistent attackers. #cybersecurity #infosec #ITsecurity https://t.co/9NQC2IBCiy
Ivanti commits to secure-by-design overhaul after vulnerability nightmare https://t.co/lFPWtW18bs
Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure https://t.co/pPbIPQyxUG