Two days after disclosure, most instances of the remote desktop tool remain unpatched, while cyberattackers have started in-the-wild exploitation and researchers warn it could get ugly, fast.
This marks the third vulnerability discovered in Ivanti's Connect Secure VPN after the acknowledgment of two earlier bugs exploited by threat actors associated with China.
Hackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting Connect Secure, its remote access VPN solution used by thousands of corporations and large organizations worldwide. According to its website, Ivanti has more than 40,000 customers, including universities, healthcare organizations, and banks, whose technology allows their employees to log in from outside the office.
Researchers say attackers are mass-exploiting new Ivanti VPN flaw yahoo.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from yahoo.com Daily Mail and Mail on Sunday newspapers.