all InfoSec news
CISO Perspectives: Ivanti VPN CVEs and Zero-day Exploits Reinforce Top Reasons to Move to Universal Zero Trust Network Access
Malware Analysis, News and Indicators - Latest topics malware.news
Initially, Ivanti Connect Secure and Policy Secure flaws surfaced in mid-January. They were actively being exploited by Chinese-backed hackers. The flaws were a command injection bug (CVE-2024-21887) and an authentication bypass flaw (CVE-2023-46805). Two more vulnerabilities (CVE-2024-21888 and CVE-2024-21893) were reported by Ivanti last week.
These Ivanti CVEs (Common Vulnerabilities and Exposures) serve as a stark reminder of VPN weaknesses and the dangers of exposed infrastructure. Despite the urgency to fix the issues—not just for government agencies, but for all …
access authentication authentication bypass authentication bypass flaw bug bypass chinese ciso command command injection connect cve cve-2023-46805 cve-2024-21887 cve-2024-21888 cve-2024-21893 cves exploited exploits flaw flaws hackers injection ivanti ivanti connect secure ivanti vpn january network network access perspectives policy trust vpn vulnerabilities zero-day zero trust zero trust network zero trust network access