9621 Agnes Crossing, Lake Suzanneview, New Mexico Island 84604-9295.
Two critical zero-day vulnerabilities were discovered in Ivanti Connect Secure. Organizations that take advantage of this need to take action as quickly as possible. Unknown hackers are actively
Two critical zero-day vulnerabilities were discovered in Ivanti Connect Secure. Organizations that take advantage of this need to take action as quickly as possible.
Unknown hackers are actively targeting two critical zero-day vulnerabilities. This would allow them to bypass two-factor authentication (2FA) to execute malicious code on a commonly used Ivanti network device, Connect Secure. This isn’t the first time Ivanti has come into contact with this.
Ivanti Connect Secure customers should take immediate action and follow risk mitigation guidelines. The vulnerabilities are marked CVE-2023-846805 and CVE-2024-21887 and are located in Ivanti Connect Secure, a widely used VPN device formerly known as Pulse Secure. It’s not the first time the company has come into contact with zero-days being widely exploited.
Researchers at security firm Veloxity wrote that these two vulnerabilities combined make executing commands on the system trivial. Like other VPNs, only authorized devices can grant permission to connect remotely. This āalways-onā status makes the device an ideal target for discovering vulnerabilities in the codes.
So far, zero-days appear to have been exploited in small numbers, but there is a good chance that this could change, concludes Steven Adair, CEO of Veloxity.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
