CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

January 19, 2024 at 11:57PM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring Federal Civilian Executive Branch agencies to address two actively exploited zero-day flaws in Ivanti Connect Secure and Ivanti Policy Secure. Chained together, the flaws let an unauthenticated attacker execute arbitrary commands on the appliance, so mitigation cannot wait for a patch. Ivanti is expected to release an update next week. Organizations using these products are instructed to apply the interim mitigation and monitor for signs of compromise. Cybersecurity firms have already observed attacks leveraging the flaws, indicating widespread exploitation.

Key Takeaways:
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive urging Federal Civilian Executive Branch agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.
– The vulnerabilities are an authentication bypass (CVE-2023-46805) and a command injection bug (CVE-2024-21887); neither alone gives an outsider code execution, but chained they allow an unauthenticated attacker to execute arbitrary commands on affected appliances.
– Ivanti is expected to release an update to address the flaws next week and has provided a temporary workaround through an XML file.
– CISA is directing agencies to apply the mitigation, run Ivanti's External Integrity Checker Tool (ICT) to detect tampering with the appliance (the external tool, not the appliance's own internal check, since a compromised device cannot be trusted to verify itself), and, as part of remediation, revoke and reissue certificates stored on the device, reset passwords, and take other security measures.
– Cybersecurity firms have observed attacks weaponizing the vulnerabilities, with as many as 2,100 devices worldwide estimated to have been compromised to date.
– The initial attack wave has been attributed to a Chinese nation-state group and is being tracked by various organizations under different names.
– Threat intelligence firm GreyNoise has observed the vulnerabilities being abused for opportunistic exploitation for financial gain, including dropping persistent backdoors and cryptocurrency miners.
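The chaining described in the takeaways above (an authentication bypass followed by a command injection, giving an unauthenticated attacker command execution) can be seen in miniature in the following added example. It is hypothetical illustrative code written for this page, not Ivanti's code, and it does not reproduce the actual mechanics of CVE-2023-46805 or CVE-2024-21887; the in-process request router, the `/admin/logs` endpoint, the `X-Admin-Token` header and the sample credential are all constructed for the illustration. The vulnerable version enforces authentication only for exact-match paths on a deny-list while the router normalises paths, and builds a shell command from a request parameter; the hardened version denies by default on the normalised path and spawns the process from a fixed argument vector.

```python
"""Toy illustration of an auth-bypass chained with a command injection.

Hypothetical code written for this page: NOT Ivanti's code, and not the
real mechanics of CVE-2023-46805 / CVE-2024-21887. Only the two
vulnerability classes named in the advisory are shown, side by side
with a hardened version. Runs offline (no network; it only spawns tail).
"""
import posixpath
import subprocess
from dataclasses import dataclass, field

ADMIN_TOKEN = "constructed-admin-token"  # constructed sample credential


@dataclass
class Request:
    path: str
    params: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


# ---------------- Vulnerable application ----------------

PROTECTED = {"/admin/logs"}  # deny-list: only exact matches require auth


def vulnerable_is_authenticated(req: Request) -> bool:
    # Flaw 1 (authentication bypass class): auth is enforced only for
    # paths on a deny-list, compared as raw strings. "/admin/logs/" or
    # "/admin//logs" is not in the set, so no token is demanded, yet the
    # router below normalises the path and still serves the endpoint.
    if req.path in PROTECTED:
        return req.headers.get("X-Admin-Token") == ADMIN_TOKEN
    return True


def vulnerable_show_logs(req: Request) -> str:
    # Flaw 2 (command injection class): an "admin-only" diagnostic
    # endpoint interpolates a request parameter into a shell command.
    logfile = req.params.get("file", "/var/log/app.log")
    out = subprocess.run(f"tail -n 5 {logfile}", shell=True,
                         capture_output=True, text=True)
    return out.stdout


def vulnerable_handle(req: Request) -> str:
    if not vulnerable_is_authenticated(req):
        return "403 Forbidden"
    if posixpath.normpath(req.path) == "/admin/logs":  # router normalises
        return vulnerable_show_logs(req)
    return "404 Not Found"


# ---------------- Hardened application ----------------

PUBLIC = {"/health"}  # allow-list: everything else requires auth
ALLOWED_LOGS = {"app": "/var/log/app.log", "auth": "/var/log/auth.log"}


def hardened_is_authenticated(req: Request) -> bool:
    # Fix 1: deny by default, and decide on the *normalised* path, the
    # same form the router uses, so no spelling of a protected path
    # escapes the check.
    if posixpath.normpath(req.path) in PUBLIC:
        return True
    return req.headers.get("X-Admin-Token") == ADMIN_TOKEN


def hardened_show_logs(req: Request) -> str:
    # Fix 2: the parameter selects from a fixed map, and the process is
    # spawned with an argument vector, never through a shell.
    name = req.params.get("file", "app")
    if name not in ALLOWED_LOGS:
        return "400 Bad Request"
    out = subprocess.run(["tail", "-n", "5", ALLOWED_LOGS[name]],
                         capture_output=True, text=True)
    return out.stdout


def hardened_handle(req: Request) -> str:
    if not hardened_is_authenticated(req):
        return "403 Forbidden"
    if posixpath.normpath(req.path) == "/admin/logs":
        return hardened_show_logs(req)
    return "404 Not Found"


if __name__ == "__main__":
    # Constructed attack request: no token, bypass spelling of the path,
    # and a shell metacharacter in the parameter.
    attack = Request("/admin/logs/",
                     params={"file": "/nonexistent; echo INJECTED"})
    print("vulnerable:", repr(vulnerable_handle(attack)))  # runs echo
    print("hardened:  ", repr(hardened_handle(attack)))    # 403 Forbidden
```

The point of the pairing is that each flaw is individually "only" a bug: the deny-list check would be harmless if every handler behind it were safe, and the shell interpolation would be reachable only by an administrator if the check held. Reviewing either in isolation understates the risk; the directive treats the chain as unauthenticated remote command execution, which is the right framing.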
