CVE-2023-46805
Starting January 10, 2024, multiple parties (Ivanti, Volexity, and Mandiant) disclosed the existence of a zero-day exploit chain affecting Ivanti Connect Secur…
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach.
Ivanti EPMM CVE-2023-39335/39337
We have discovered two new vulnerabilities in Ivanti Endpoint Manager Mobile. We are reporting these vulnerabilities as CVE-2023-39335 and CVE-2023-39337.
Critical Infrastructure Companies Warned to Watch for Ongoing Cyberattack
Hackers exploited a ‘zero-day’ flaw in Ivanti software to breach 12 ministries in Norway Norway’s security officials warned around 20 critical infrastructure companies, other businesses and public agencies in the country they might also be vulnerable to a cyberattack disclosed Monday that hit 12 government ministries.
Ivanti warns of second vulnerability used in attacks on Norway gov’t
A second vulnerability affecting mobile endpoint management software from IT giant Ivanti has been discovered, according to a new advisory from the company.