Topics

Latest

AI

Amazon

Article image

Image Credits:Javier Zayas Photography / Getty Images

Apps

Biotech & Health

clime

High angle view of many yellow padlocks on yellow background. One of them is open.

Image Credits:Javier Zayas Photography / Getty Images

Cloud Computing

commercialism

Crypto

enterprisingness

EVs

Fintech

Fundraising

Gadgets

Gaming

Google

Government & Policy

ironware

Instagram

layoff

Media & Entertainment

Meta

Microsoft

seclusion

Robotics

Security

Social

blank

startup

TikTok

Transportation

speculation

More from TechCrunch

Events

Startup Battlefield

StrictlyVC

Podcasts

video recording

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

Hackers are exploiting yet another vulnerability in one of Ivanti ’s widely used enterprise merchandise , the U.S. government ’s cybersecurity agency CISA warn in a fresh alert this week .

Theremote code executionflaw in Ivanti Endpoint Manager ( EPM ) , a tool that helps organisation manage and secure their fleets of employee devices , was first unwrap by Trend Micro ’s Zero Day Initiative in April and patched by Ivanti the following month .

The bug allow an unauthenticated assaulter to remotely bleed malicious code on an affected Ivanti customer ’s server .

Now CISA says hackers are actively exploiting this exposure — track as CVE-2024 - 29824 — to hack into unpatched systems , according toits advisoryon Wednesday , citing evidence of active exploitation . CISA ’s advisory requires that all federal civilian representation update vulnerable organization by October 23 to represent against exploitation .

“ These type of vulnerabilities are frequent attack vectors for malicious cyber worker and pose significant risks to the Union enterprise , ” CISA said .

Ivanti , the U.S.-based IT software company with over40,000 corporate customers — include much of the Fortune 100 , confirm in an update to itsMay protection advisorythis calendar week that the vulnerability was actively used to target a “ limited issue ” of Ivanti customers .

Ivanti has n’t say how many of its customer were compromised , and an Ivanti spokesperson did not provide remark when contacted by TechCrunch . The troupe has yet to say if it was aware of any customer data exfiltration due to the via media .

The company is no stranger to cyberpunk ill-treat vulnerability in its software . Earlier this year , it confirm that hackers weremass - exploitingvulnerabilities in Connect Secure , Ivanti ’s remote approach VPN solution used by 1000 of corporations and prominent organizations worldwide .

This disclosure came just week after Ivanticonfirmedthe exploitation of two earlier zero - daylight flaws in Connect Secure . Security researchers linked the attacks to China - back drudge who had been using the exposure to wear out into customer networks and slip entropy .