The MITRE Corporation has disclosed a breach impacting one of its collaborative networks used for research, development and prototyping.
Ivanti has released patches for four new vulnerabilities in its Connect Secure and Policy Secure appliances, as Mandiant said it has seen eight separate groups exploiting some older flaws in those devices.
Attackers exploiting Ivanti flaws attempted to achieve a deep level of persistence, showing how threat actors are going the extra mile to maintain a foothold on infected systems.
A new vulnerability has been disclosed in certain versions of Ivanti’s Connect Secure VPN and Ivanti Policy Secure appliances.
Federal agencies must disconnect Ivanti Connect Secure and Policy Secure appliances - which have actively exploited vulnerabilities in them - from agency networks within the next 48 hours.