When things go wrong, they go wrong fast. This week we will dive into the widespread exploitation of the Ivanti VPN solution, which attracted a lot of attention from both the security community and the bad guys. What went wrong? Stay tuned.
Just before we get into Ivanti, let's review the other top security news this week.
- Millions of passwords of top brands such as Facebook and others were found for sale.
- SonicWall API attracts attacks that can impact over 170 thousand firewalls.
– https://psirt.global.sonicwall.com: CVE-2022-22274
– https://psirt.global.sonicwall.com: CVE-2023-0656
– https://forums.ivanti.com: CVE-2023-46805 Authentication Bypass and CVE-2024-21887 Command Injection for Ivanti Connect Secure and Ivanti Policy Secure Gateways
– https://forums.ivanti.com: Pulse Connect Secure (PCS) Integrity Assurance
– https://www.mandiant.com: Suspected APT targets Ivanti zero-day