TLDR: Cyber authorities in the U.S. and Australia have issued warnings that threat actors are finding ways to get around some mitigations put in place by Ivanti for its Connect Secure and Policy Secure Gateways. Ivanti has also discovered two new vulnerabilities in these devices. The vulnerabilities are CVE-2024-21888, which affects Policy Secure, and CVE-2024-21893, which affects supported versions of Connect Secure and Policy Secure Gateways. Ivanti has released a patch to address these vulnerabilities and is recommending that customers factory reset their appliances before applying the patch as an extra precaution. Threat actors have reportedly developed workarounds to some mitigation and detection methods, leading to ongoing exploitation activities. Cyber authorities are advising organizations to investigate and monitor systems for potential compromise.
Beware Ivanti mitigations breached by clever threat actors | IT World Canada News
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-116.png)
Latest from News
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-121-720x480.png)
OpenStack Nova flaw lets hackers infiltrate cloud servers without permission
TLDR: A vulnerability in OpenStack’s Nova component, tracked as CVE-2024-40767, allows hackers to gain unauthorized access to cloud servers. The vulnerability affects multiple versions
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-40-720x480.jpg)
CrowdStrike alert: New phishing scam targets German customers
TLDR: – CrowdStrike warns of a new phishing scam targeting German customers. – Malicious installers distributed via a fake website impersonating a German entity.
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-36-720x480.jpg)
Beware: NKorea Cyber Op Targets Military, Nuclear Secrets in UK, US, SKorea
Article Summary TLDR: UK, US, and S. Korea issued a warning about a North Korea-backed cyber espionage campaign The group Andariel has been targeting
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-24-720x480.jpg)
Security leaders weigh in on SEC cyber disclosure ruling one year later
TLDR: One year after the SEC cyber disclosure ruling, security leaders weigh in on its impact. Security professionals reflect on the lack of significant
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-33-720x480.jpg)
Viettel Cyber Security and Banbros Commercial Inc tackle emerging cyber threats
TLDR: Viettel Cyber Security and Banbros Commercial Inc. addressed emerging cyber threats in the Philippines at a launching event. The event focused on discussing