U.S. software company Ivanti has confirmed the exploitation of two critical vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in its widely used corporate VPN appliance, Ivanti Connect Secure.
These vulnerabilities, described as “zero-day,” allow unauthenticated remote code execution.
Ivanti acknowledges fewer than 10 impacted customers, with evidence suggesting one compromise as early as December 3, linked to a China-backed hacking group (UTA0178). Security researcher Kevin Beaumont estimates around 15,000 affected Ivanti appliances globally.
Enjoy true online freedom with PC Matic VPN. Hide your online activity, secure your connection, and access region-blocked content, from anywhere.
With PC Matic‘s complete protection, users enjoy the advantages of antivirus protection, premium identity theft protection, bank and credit monitoring, dark web monitoring, and 100% USA-based phone support.
Patches are expected by mid-February, but immediate mitigation is advised. Past compromises may not be resolved by applying mitigations.
PC Matic delivers complete home and business cybersecurity protection against ransomware, malware, identity theft, online tracking, data breaches, and more. For over 20 years, PC Matic’s award-winning cyber protection has saved millions of satisfied customers from becoming the next cybercrime victim and is exclusively made in the USA.
Learn more about PC Matic today!
pcmatic.com
[email protected]
