Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit devices,” Volexity researchers claim. Initial findings Both Volexity and Ivanti revealed on January 10 that unknown attackers have been leveraging exploits for CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection vulnerability) to breach organizations and ultimately … More
The post 1,700 Ivanti VPN devices compromised. Are yours among them? appeared first on Help Net Security.