Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

May 24, 2024 at 12:51PM MITRE Corporation, a not-for-profit organization, disclosed details of the cyber attack it suffered in late December 2023, including the rogue virtual machines the intruders created within its VMware environment. The attack, attributed to a China-linked threat actor, exploited Ivanti Connect Secure flaws and highlights the need for organizations to remain vigilant …

Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

May 9, 2024 at 07:49AM Two security flaws in Ivanti Connect Secure devices are being exploited by the Mirai botnet, according to Juniper Threat Labs. Vulnerabilities CVE-2023-46805 and CVE-2024-21887 allow attackers to execute arbitrary code and deploy malware on susceptible instances. This comes as SonicWall reports a fake Windows File Explorer executable installing a cryptocurrency miner. …

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

April 22, 2024 at 08:00AM MITRE Corporation was targeted by a nation-state cyber attack exploiting two zero-day flaws in Ivanti Connect Secure appliances, compromising the NERVE network. The attack bypassed multi-factor authentication and moved laterally to breach VMware infrastructure. MITRE contained the incident and attributed the attack to a nation-state actor, urging improved cybersecurity …

New Ivanti RCE flaw may impact 16,000 exposed VPN gateways

April 5, 2024 at 01:47PM Approximately 16,500 Ivanti Connect Secure and Policy Secure gateways are vulnerable to the remote code execution flaw CVE-2024-21894, which exposes them to denial of service and exploitation by unauthenticated users. Exposed instances of this high-severity vulnerability are spread worldwide, and Ivanti gateways have already drawn state-sponsored threat actors and widespread exploitation, making it crucial for system administrators to …

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

April 3, 2024 at 01:31PM Ivanti, an IT security software company, has released patches for multiple high-severity security vulnerabilities in its Connect Secure and Policy Secure gateways. Attackers can exploit these flaws for remote code execution and DoS attacks. The U.S. CISA has issued an emergency directive to secure Ivanti systems following zero-day attacks. Thousands …

Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities

March 1, 2024 at 02:33AM The Five Eyes intelligence alliance issued a cybersecurity advisory warning about cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways. They cautioned that the Integrity Checker Tool may provide a false sense of security, allowing threat actors to retain root-level persistence despite factory resets. Ivanti …

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

February 29, 2024 at 01:35PM The Cybersecurity and Infrastructure Security Agency (CISA) and its partners have issued a joint Cybersecurity Advisory to warn about cyber threat actors exploiting vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Threat actors can bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. Organizations are …

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

February 29, 2024 at 01:27AM China-linked cyber espionage clusters UNC5325 and UNC3886 have exploited security flaws in Ivanti Connect Secure VPN appliances. They delivered new malware, maintained persistent access, and leveraged zero-day flaws to deploy implants targeting defense, technology, and telecommunication organizations in the U.S. and Asia-Pacific. Volt Typhoon and UTA0178 were also attributed to …

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

February 6, 2024 at 03:15AM A server-side request forgery (SSRF) vulnerability in Ivanti products is being widely exploited, leading to mass attacks from over 170 unique IP addresses. The exploit allows unauthorized access to restricted resources. Security firm Rapid7 released a proof-of-concept exploit, and outdated open-source components in Ivanti VPN appliances pose further security risks. …

Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities

February 1, 2024 at 03:33AM Mandiant, owned by Google, reported identifying new malware used by espionage threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. The malware includes web shells like BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE, enabling arbitrary command execution and data exfiltration. Ivanti has disclosed and fixed security …