all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

1,700 Ivanti VPN devices compromised. Are yours among them?

Add to bookmarks
Jan. 16, 2024, 3:07 p.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit devices,” Volexity researchers claim. Initial findings Both Volexity and Ivanti revealed on January 10 that unknown attackers have been leveraging exploits for CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection vulnerability) to breach organizations and ultimately … More


The post …

0 day access apt attackers beyond claim compromised connect devices don't miss enterprise exploit exploiting findings hot stuff ivanti ivanti connect secure vpn mandiant patches researchers secure vpn smbs threat threat actors threat hunting volexity vpn web shell zero-days

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Adaptive Shield unveils SaaS security for AI 5 hours ago | www.helpnetsecurity.com
adaptive shield and response applications apps +28
Onyxia launches AI-powered predictive insights to optimize security management 5 hours ago | www.helpnetsecurity.com
address ai-powered can challenges +24
Island raises $175 million at $3 billion valuation 6 hours ago | www.helpnetsecurity.com
capital coatue financing funding +10
Synopsys Polaris Assist automates repetitive, time-consuming tasks for security and development teams 6 hours ago | www.helpnetsecurity.com
ai-powered application application security assistant +30
FCC fines major wireless carriers over illegal location data sharing 6 hours ago | www.helpnetsecurity.com
access att carriers communications +26
Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades 7 hours ago | www.helpnetsecurity.com
alto attackers aware concept +24
Cybersixgill Third-Party Intelligence module identifies potential supply chain risks 7 hours ago | www.helpnetsecurity.com
action cyber cybersecurity cybersixgill +25
ESET launches two MDR subscription tiers for SMBs and enterprises 10 hours ago | www.helpnetsecurity.com
and response businesses detection detection and response +15
ThreatX provides always-active API security from development to runtime 10 hours ago | www.helpnetsecurity.com
api api security application application protection +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineer - Vulnerability Management

@ Starling Bank | Southampton, England, United Kingdom
View on infosec-jobs.com

Manager Cybersecurity

@ Sia Partners | Rotterdam, Netherlands
View on infosec-jobs.com

Compliance Analyst

@ SiteMinder | Manila
View on infosec-jobs.com

Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Enterprise Cyber Security Analyst – Advisory and Consulting

@ Ford Motor Company | Mexico City, MEX, Mexico
View on infosec-jobs.com
View more jobs