MITRE says state hackers breached its network via Ivanti zero-days

April 19, 2024 at 03:03PM MITRE Corporation confirmed a state-backed hacking group breached its systems in January 2024 using two Ivanti VPN zero-days. The breach affected the NERVE network used for research. MITRE notified affected parties and authorities, and is restoring operational alternatives. The investigation found no impact on core systems or partners’ systems. CISA issued …

Microsoft breach allowed Russian spies to steal emails from US government

April 12, 2024 at 10:41AM CISA warns of Russian spies’ theft of sensitive data from Microsoft’s email system, prompting an Emergency Directive for affected agencies to analyze exfiltrated emails, reset compromised credentials, and enhance security. Microsoft and CISA collaborate to provide metadata on the exfiltrated emails. Security experts criticize Microsoft’s security practices and disclosure approach. …

U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

April 12, 2024 at 12:45AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directive 24-02, urging federal agencies to look for signs of compromise and take preventive measures after the recent Microsoft system compromise by the Russian group Midnight Blizzard. The directive emphasizes analyzing exfiltrated emails, resetting compromised credentials, and applying stringent security …

CISA orders agencies impacted by Microsoft hack to mitigate risks

April 11, 2024 at 01:49PM The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring U.S. federal agencies to address risks arising from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. The directive mandates agencies to investigate affected emails, reset compromised credentials, and secure privileged Microsoft …

Ivanti discloses fifth vulnerability, doesn’t credit researchers who found it

February 9, 2024 at 04:36PM Ivanti disclosed a new vulnerability in its gateways, confusing researchers who claim discovery. Ivanti, attributing the find to in-house review, faces dispute from watchTowr, who published evidence of prior notification. The high-severity flaw, affecting limited versions, requires patching and mitigation. Recent security issues prompt CISA and NCSC advisories.

More mass exploits hit the same buggy Ivanti devices

February 5, 2024 at 03:50PM Miscreants are exploiting the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893. Ivanti disclosed the bug in its software on January 31 and expects increased exploitation once details are public. Exploits targeting it are multiplying, with over 170 attacking IPs involved. The US Cybersecurity agency issued an emergency …

CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday

February 1, 2024 at 08:52AM CISA has directed U.S. federal agencies to disconnect vulnerable Ivanti Connect Secure or Policy Secure VPN appliances due to exploited bugs. Ivanti is targeted in attacks using zero-day flaws, prompting the release of security patches and mitigation instructions. Agencies are required to follow a series of steps to bring the …

CISA Issues Emergency Directive on Ivanti Zero-Days

January 19, 2024 at 07:54PM CISA is pressuring organizations to urgently address critical vulnerabilities in Ivanti Connect Secure VPN. Agencies must apply available mitigations, remove compromised products, and report infected devices. This follows a Chinese government-backed hacking team exploiting the vulnerabilities. The company has released pre-patch mitigations, with comprehensive fixes set to begin rollout on …

CISA emergency directive: Mitigate Ivanti zero-days immediately

January 19, 2024 at 02:30PM CISA issued an emergency directive to address widespread exploitation of Ivanti Connect Secure and Ivanti Policy Secure flaws by threat actors. Federal agencies must immediately implement mitigation measures, report indications of compromise, and take action to restore impacted appliances. A threat monitoring service has detected compromised Ivanti appliances being used for …