Ivanti Zero-Day Patches Delayed as ‘KrustyLoader’ Attacks Mount

Ivanti, an IT security company, is currently grappling with a double blow. The crisis revolves around an escalating series of attacks by ‘KrustyLoader’ on the heels of delayed deployment of Ivanti’s zero-day patches. But an even more daunting challenge has arisen from the fact that Remote Code Execution (RCE) and authorization bypass bugs in their Connect Secure VPNs have gone unpatched for more than 20 days. This has presented an opportunity for state-sponsored groups to exploit these vulnerabilities and surreptitiously backdoor Ivanti gear. Ivanti’s current ordeal underscores the seriousness of effectively managing patch timelines and understanding the intricacies of security infrastructure in thwarting potential breaches.

Published: Tue, 30 Jan 2024 23:22:00 GMT