Get the latest tech news
Ivanti patches two zero-days under attack, but finds another
Germany's cybersecurity authority said the new two flaws — one of them a zero-day — "put all previously mitigated systems at risk again."
Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. Cybersecurity companies Volexity and Mandiant previously attributed the exploitation of the initial round of Connect Secure bugs to a China government-backed hacking group motivated by espionage. Ivanti is now advising that customers “factory reset their appliance before applying the patch to prevent the threat actor from gaining upgrade persistence in your environment.”
Or read this on TechCrunch