Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three months since attackers started exploiting a string of zero-days in Ivanti Connect Secure and bypassing mitigations for them, the company’s CEO has announced they will be accelerating security initiatives and improving security practices.

Source: Help Net Security