Feb. 5, 2024, 12:11 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Introduction


Ivanti, an IT management and security company, has issued a warning about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. The initial disclosure involved two CVEs (CVE-2023-46805 and CVE-2023-21887) allowing a remote attacker to perform authentication bypass and remote command injection exploits. Ivanti released a patch which was immediately bypassed by two additional flaws (CVE-2024-21888 and CVE-2024-21893) that allows an attacker to perform privilege escalation and server-side request forgery exploits.


The Cybersecurity …

advisory attacker authentication authentication bypass bypass chinese critical cve cve-2023-46805 cves december december 2023 disclosure exploited hackers introduction it management ivanti management products risk security security company state threatlabz vpn vulnerabilities warning zero-day zero-days zero-day vulnerabilities

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

Field Account Executive

@ Darktrace | Americas

Account Executive

@ Darktrace | Los Angeles

Field Account Executive

@ Darktrace | Michigan, United States

Field Account Executive

@ Darktrace | Ohio, United States

Named Account Manager - Telco & Enterprise, Thailand

@ Palo Alto Networks | Bangkok, Thailand