Security News

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief...

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. [...]

Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The...

​Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts. [...]

US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool portal. Essentially, it's used to determine which facilities are deemed high risk under Chemical Facility Anti-Terrorism Standards regulations.

Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six...

Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability’s reporter. About...

Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which...

MITRE has been breached by attackers via two zero-day vulnerabilities in Ivanti's Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network's VMware infrastructure, MITRE confirmed late last week.

The MITRE Corporation reported a cyber attack that began in January 2024, involving a nation-state actor exploiting two zero-day vulnerabilities in Ivanti Connect Secure appliances. The attack compromised MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE), which is an unclassified network used for research and prototyping.The attackers used these vulnerabilities to bypass multi-factor authentication and execute arbitrary commands. They gained initial access, moved laterally within the network, and compromised the VMware infrastructure using an administrator account. This allowed them to deploy backdoors and web shells for ongoing access and data extraction.