Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti.
If you’re an admin or a user of the two products affected, VPN service Ivanti Connect Secure (ICS) and network access control toolkit Policy Secure, you should immediately apply the current workaround in Ivanti’s security update, the US Cybersecurity and Infrastructure Security Agency (CISA) warned last night.
ICS is used widely in enterprises and governments, and more victims are likely to surface now the vulnerabilities have been disclosed, according security researcher Kevin Beaumont.
