CVE-2021-22893

Published: 23/04/2021 Updated: 27/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.

Vulnerable Product

ivanti connect secure 9.1

ivanti connect secure 9.0

Github Repositories

DO NOT RUN THIS.

CVE-2021-22893. THIS IS NOT A REAL EXPLOIT, IT IS A HONEYPOC (blog.zsec.uk/cve-2020-1350-honeypoc/). Proof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893. DO NOT RUN THIS. Usage: Achieves RCE on Pulse Secure VPNs. chmod +x exploit.sh; ./exploit.sh 10001; ./exploit.sh -l <ListoFIPs>; ./exploit.sh -l IPList.txt

Pulse Connect Secure RCE, Webkit, and related vulnerabilities

pulse_connect_secure-splunk-csvs. Pulse Connect Secure RCE, Webkit, and related vulnerabilities. IOCs (IP addresses, hashes of web shell aspx files, names of aspx files, user-agents) used in exploiting CVE-2021-22893, courtesy FireEye. This repository is a companion to the article published at www.splunk.com/en_us/blog/security/monitoring-pulse-connect-secure-with-splunk

Proof of Concept — Pulse Secure CVE-2021-22893

CVE-2021-22893. Proof-of-Concept (PoC) script to exploit Pulse Secure CVE-2021-22893. Usage: Achieves RCE on Pulse Secure VPNs. chmod +x exploit.sh; ./exploit.sh 10001; ./exploit.sh -l <ListoFIPs>; ./exploit.sh -l IPList.txt

Pulse Connect Secure RCE Vulnerability (CVE-2021-22893)

CVE-2021-22893. Pulse Connect Secure RCE Vulnerability (CVE-2021-22893). Shodan: www.shodan.io/search?query=http.component%3A%22pulse+secure%22

Cybersecurity Incidents Mind Maps

Cybersecurity Incidents Mind Maps: Pulse Secure CVE-2021-22893, Exchange Marauder, SOLORIGATE_SUNBURST

Recent Articles

Multi-Factor Authentication: Headache for Cyber Actors Inspires New Attack Techniques
Symantec Threat Intelligence Blog • Threat Hunter Team • 05 May 2024

Two-factor or multi-factor authentication is used to secure organizations and accounts from attackers, making it a problem for malicious actors. Recent attacks show how they are attempting to bypass or avoid it completely.

Posted: 5 May, 2021. In recent years two-factor or multi-factor authentication (MFA) has been touted as the way to...

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks
BleepingComputer • Sergiu Gatlan • 03 Apr 2024

IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. Unauthenticated attackers can exploit one of them, a high-severity flaw tracked as CVE-2024-21894, to gain remote code execution and trigger denial of service states on unpatched appliances in low-complexity attacks that don't require use...

Ivanti fixes critical Standalone Sentry bug reported by NATO
BleepingComputer • Sergiu Gatlan • 20 Mar 2024

Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers. Standalone Sentry is deployed as an organization's Kerberos Key Distribution Center Proxy (KKDCP) server or as a gatekeeper for ActiveSync-enabled Exchange and Sharepoint servers. Tracked as CVE-2023-41724, the security flaw impacts all supported ...

CISA warns against using hacked Ivanti devices even after factory resets
BleepingComputer • Sergiu Gatlan • 29 Feb 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. Furthermore, they can also evade detection by Ivanti's internal and external Integrity Checker Tool (ICT) on Ivanti Connect Secure...

CISA cautions against using hacked Ivanti VPN gateways even after factory resets
BleepingComputer • Sergiu Gatlan • 29 Feb 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets. Furthermore, they can also evade detection by Ivanti's internal and external Integrity Checker Tool (ICT) on Iv...

China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way
The Register • Thomas Claburn in San Francisco • 20 Apr 2021

Crucial flaw won't be fixed until next month

Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised by China via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day flaw that won't be patched until next month. On Tuesday, IT software supplier Ivanti, the parent of Pulse Secure, issued a wake-up call to its customers by revealing it looks as though select clients were compromised via their encrypted gateways. "There is a new issue,...