patches

Government-Sponsored Hackers Exploit Fresh Ivanti VPN Vulnerabilities – No Fixes Available

Gettyimages 548311037
U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won’t be available until the end of the month. Ivanti said the two vulnerabilities — tracked as CVE-2023-46805 and CVE-2024-21887 — were found in its Ivanti Connect Secure software. Formerly known as Pulse Connect Secure, this is a remote access VPN solution that enables remote and mobile users to access corporate resources over the internet. When TechCrunch asked why patches weren’t being made available immediately, Ivanti declined to comment. Ivanti is urging that potentially impacted organizations prioritize following its mitigation guidance, and U.S. cybersecurity agency CISA has also published an advisory urging Ivanti Connect Secure to mitigate the two vulnerabilities immediately.

Trending now

Baby wearables, texts from dogs, and E-Ink cars • TechCrunch
The Future of Babies: Wearables, Text Messages from Furry Friends, and E-Ink Automobiles
Instagram now lets you bookmark posts with friends and store them in a dedicated space
Create and Explore a Saved Space with Instagrams New Bookmarking Feature
Atomos tows a $16M load of funding to create tugboats in space • TechCrunch
Atomos Takes Off With $16M For Tugboats in Space
Gettyimages 942480316
Vestwell secures $125M investment to enhance workplace savings programs for businesses