all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Ivanti warns of new Connect Secure zero-day exploited in attacks

Add to bookmarks
Jan. 31, 2024, 2 p.m. | /u/outerlimtz

cybersecurity www.reddit.com

Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation.
The zero-day flaw (CVE-2024-21893) is a server-side request forgery vulnerability in the gateways' SAML component that enables attackers to bypass authentication and access restricted resources on vulnerable devices.
A second flaw (CVE-2024-21888) in the gateways' web component allows threat actors to escalate privileges to those of an administrator.
"As part of our ongoing investigation into …

access attackers attacks authentication bug bypass connect cve cve-2024-21893 cybersecurity exploitation exploited flaw forgery gateways ivanti policy request resources restricted saml server server-side request forgery today under vulnerabilities vulnerability zero-day zero-day bug zero-day flaw zta

Visit resource

More from www.reddit.com / cybersecurity

Cisco reveals zero-day attacks used by hackers to attack government networks in major threat campaign 4 hours ago | www.reddit.com
attack attacks campaign cisco +7
Any Fortune 100 company go all in on Microsoft E5 Security Suite? 14 hours ago | www.reddit.com
all in cybersecurity defender defenders +12
Blueteam Certification like cybersecurity engineers 15 hours ago | www.reddit.com
architect blueteam certification certifications +12
Fake job interviews target developers with new Python backdoor 19 hours ago | www.reddit.com
backdoor cybersecurity developers fake +7
Passkeys: A Shattered Dream 19 hours ago | www.reddit.com
cybersecurity dream passkeys
Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software 19 hours ago | www.reddit.com
census cyberattack cybersecurity easy +4
Ukraine's military intelligence launches cyberattack against United Russia party 19 hours ago | www.reddit.com
cyberattack cybersecurity intelligence military +4
The XZ Utils Backdoor explained - Columbia University Lecture 21 hours ago | www.reddit.com
cybersecurity
Cybersecurity for Government 22 hours ago | www.reddit.com
budget corporate cybersecurity goals +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Principal Security Analyst - Threat Labs (Position located in India) (Remote)

@ KnowBe4, Inc. | Kochi, India
View on infosec-jobs.com

Cyber Security - Cloud Security and Security Architecture - Manager - Multiple Positions - 1500860

@ EY | Dallas, TX, US, 75219
View on infosec-jobs.com

Enterprise Security Architect (Intermediate)

@ Federal Reserve System | Remote - Virginia
View on infosec-jobs.com

Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Associate -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com

Vulnerability Management Team Lead - North Central region (Remote)

@ GuidePoint Security LLC | Remote in the United States
View on infosec-jobs.com
View more jobs