Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known...

CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile and MobileIron Core device management software is now under active exploitation. While it has yet to provide further details on CVE-2023-35082 active exploitation, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation and says there's no evidence of abuse in ransomware attacks.

Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. Organizations using Ivanti Connect Secure VPN devices were advised to implement temporary mitigations as soon as possible, check for evidence of compromise, and to boot attackers out of their systems in case they had been breached.

There's a "Reasonable chance" that Ivanti Connect Secure VPN users are already compromised if they didn't apply the vulnerability mitigation released last week, experts say. The latest data from Volexity shows that successful exploits of two Ivanti zero-days have accelerated sharply to more than 1,700 devices.

Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. While Ivanti is yet to release patches for these two actively exploited zero-days, admins are advised to apply mitigation measures provided by the vendor on all ICS VPNs on their network.

Social engineer reveals effective tricks for real-world intrusionsIn this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for gathering target information. Understanding zero-trust design philosophy and principlesIn this Help Net Security interview, Phil Vachon, Head of Infrastructure in the Office of the CTO at Bloomberg, discusses the varying definitions of zero trust among security professionals and companies, emphasizing its broad design philosophy.

Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant's threat intel team. The software biz disclosed the vulnerabilities in Ivanti Connect Secure - the VPN server appliance previously known as Pulse Connect Secure - and its Policy Secure gateways on Wednesday.

Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. Zipline Passive Backdoor: custom malware that can intercept network traffic, supports upload/download operations, creating reverse shells, proxy servers, server tunneling.

As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure...

Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. Ivanti believes fewer than ten victims have been successfully attacked thus far, but according to a Shodan scan by Beaumont, the number of vulnerable gateways exposed to the internet is just north of 15,000.