Security News

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber...

Ivanti has fixed a critical RCE vulnerability in Ivanti Standalone Sentry that was reported by researchers with the NATO Cyber Security Centre. The vulnerability affects all supported versions of Ivanti Standalone Sentry as well as older, unsupported ones.

Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers. Ivanti also fixed a second critical vulnerability in its Neurons for ITSM IT service management solution that enables remote threat actors with access to an account with low privileges to execute commands "In the context of web application's user."

There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed vulnerabilities before vendors have issued a fix. The cybercrime crew has targeted US medical, manufacturing, and energy-sector organizations, according to Check Point, which said it spotted Magnet Goblin abusing security holes in Ivanti's code to break into networks back in January just one day after a proof-of-concept, or PoC, exploit was made public.

The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure...

The U.S. Cybersecurity and Infrastructure Security Agency revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets. The authoring organizations encourage network defenders to assume that user and service account credentials stored within the affected Ivanti VPN appliances are likely compromised, hunt for malicious activity on their networks using the detection methods and indicators of compromise within this advisory, run Ivanti's most recent external ICT, and apply available patching guidance provided by Ivanti as version updates become available.

The U.S. Cybersecurity and Infrastructure Security Agency revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. CISA found that the Ivanti ICT failed to detect compromise while investigating multiple hacking incidents involving hacked Ivanti appliances.

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN...

Ivanti Secure VPN is a popular remote access VPN solution used by businesses, organizations and governments worldwide. French cyberdefense search engine ONYPHE has said that 29,664 Ivanti Secure VPN appliances are connected to the internet.

Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched. Starting with CVE-2024-22024, the issue is an XXE vulnerability in the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateways that allows unauthorized access to restricted resources.