Summary:

Ivanti has released patches for two critical zero-day vulnerabilities, which also cover two new bugs. One of the new bugs is actively being exploited in attacks. The vulnerabilities impact Ivanti's Connect Secure VPN product and Policy Secure network access control offering. Ivanti advises customers to factory reset their appliances before applying the patch to prevent threat actors from gaining "upgrade persistence." In related news, security researchers have discovered new malware linked to the original Ivanti zero-day vulnerabilities, including a webshell called Bushwalk.

Hashtags:

#Ivanti #security #vulnerabilities #zero-day #patches #bugs #malware #webshell #ConnectSecure #PolicySecure

https://www.infosecurity-magazine.com/news/ivanti-zeroday-patches-two-new-bugs/