Ivanti CEO Jeff Abbott has promised a renewed focus at the company on product security, after multiple zero days in its SSL VPN appliances were exploited in the wild this year – thousands of customers were breached.

Subsequent product analysis of the Ivanti Pulse Secure product showed that it was built with a sweeping array of unsupported and end-of-life software packages and shipped with massive 973 known vulnerabilities.

This included an 11-year-old, unsupported base operating system.

Among the Ivanti zero days exploited this year were a brace that gave any unauthenticated remote attacker remote code execution and bypassed multi-factor authentication. Mass attacks started on January 11.

Get the full story: Subscribe for free

Get the story, a weekly newsletter (you can turn that off if you want) and help us fight bots and feral algorithms. Subscribe today.

Subscribe now

Already a member? Sign in