Ivanti commits to secure-by-design overhaul after vulnerability nightmare 2024-04-04[theregister.co.uk] CEO addresses whirlwind start to 2024 and how it plans to prevent a repeat
Ivanti has committed to adopting a secure-by-design approach to security as it gears up for an organizational overhaul in response to the multiple vulnerabilities in Connect Secure exploited earlier this year. Részletek >
Ivanti devices hit by wave of exploits for latest security hole 2024-02-05[theregister.co.uk] At this point you might be better off just shutting the stuff down
Various miscreants are attempting to exploit the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 that can be used to hijack equipment. Részletek >
Ivanti releases patches for VPN zero-days, discloses two more high-severity vulns 2024-01-31[theregister.co.uk] Many versions still without fixes while sophisticated attackers bypass mitigations
Ivanti has finally released the first round of patches for vulnerability-stricken Connect Secure and Policy Secure gateways, but in doing so has also found two additional zero-days, one of which is under active exploitation. Részletek >