all InfoSec news
1,700 Ivanti VPN devices compromised. Are yours among them?
Help Net Security www.helpnetsecurity.com
Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit devices,” Volexity researchers claim. Initial findings Both Volexity and Ivanti revealed on January 10 that unknown attackers have been leveraging exploits for CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection vulnerability) to breach organizations and ultimately … More
The post …
0 day access apt attackers beyond claim compromised connect devices don't miss enterprise exploit exploiting findings hot stuff ivanti ivanti connect secure vpn mandiant patches researchers secure vpn smbs threat threat actors threat hunting volexity vpn web shell zero-days