MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is known about the breach? The MITRE Corporation is an American not-for-profit organization that manages federally funded research and development centers supporting various US government agencies. “After detecting suspicious activity on [MITRE’s] Networked Experimentation, Research, and … More
The post MITRE breached by nation-state threat actor via Ivanti zero-days appeared first on Help Net Security.