Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/111801326136256236">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 23-Jan-2024 04:47:44 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/111785167284753041" rel="in-reply-to">in reply to</a></div></section><article><p>Latest <a href="https://cyberplace.social/tags/ConnectAround" rel="tag">#ConnectAround</a> issue - there’s no patch, and the mitigation silently fails to work if an admin makes a config change elsewhere. </p><p>If you run Pulse Secure I’d suggest being very cautious. </p><p><a href="https://www.bleepingcomputer.com/news/security/ivanti-vpn-appliances-vulnerable-if-pushing-configs-after-mitigation/" rel="nofollow noreferrer">https://www.bleepingcomputer.com/news/security/ivanti-vpn-appliances-vulnerable-if-pushing-configs-after-mitigation/</a></p><p><a href="https://cyberplace.social/tags/threatintel" rel="tag">#threatintel</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2587727#notice-5192287">In conversation</a><time datetime="2024-01-23T04:47:44+09:00" title="Tuesday, 23-Jan-2024 04:47:44 JST">about a year ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/111801326136256236" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/111801326136256236">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: www.bleepstatic.com</div><h5><a href="https://www.bleepingcomputer.com/news/security/ivanti-vpn-appliances-vulnerable-if-pushing-configs-after-mitigation/#threatintel">Ivanti: VPN appliances vulnerable if pushing configs after mitigation</a></h5><div> from <span>@BleepinComputer</span></div></header><div>Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 23-Jan-2024 04:47:44 JST Kevin Beaumont
in reply to
Latest #ConnectAround issue - there’s no patch, and the mitigation silently fails to work if an admin makes a config change elsewhere.
If you run Pulse Secure I’d suggest being very cautious.
https://www.bleepingcomputer.com/news/security/ivanti-vpn-appliances-vulnerable-if-pushing-configs-after-mitigation/
#threatintel
In conversationabout a year ago from cyberplace.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.bleepstatic.com
  Ivanti: VPN appliances vulnerable if pushing configs after mitigation
  from @BleepinComputer
  Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities.

Public

Embed Notice

HTML Code

Corresponding Notice