MITRE says state hackers breached its network via Ivanti zero-days

April 19, 2024 at 03:03PM
MITRE Corporation confirmed that a state-backed hacking group breached its systems in January 2024 using two Ivanti VPN zero-days. The breach affected the NERVE network used for research. MITRE notified affected parties and authorities and is restoring operational alternatives. The investigation found no impact on core systems or partners’ systems. CISA issued …

Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor

February 13, 2024 at 08:27AM
An Ivanti VPN vulnerability was exploited to deploy the new ‘DSLog’ backdoor, allowing command execution, web request, and system log theft. SecurityWeek reported the backdoor’s use following the exploit. Based on the meeting notes, the discussion revolved around the deployment of a backdoor using a recent vulnerability in Ivanti VPN. This backdoor allows …

Ivanti Zero-Day Patches Delayed as ‘KrustyLoader’ Attacks Mount

January 30, 2024 at 06:27PM
Attacks are exploiting zero-day vulnerabilities in Ivanti VPNs that allow remote code execution and authentication bypass. Rust-based backdoors are being deployed, downloading a backdoor malware, “KrustyLoader.” Chinese state-sponsored APT actors are exploiting these bugs worldwide. Patches for the vulnerabilities (CVE-2024-21887 and CVE-2023-46805) have been delayed, with Ivanti targeting a release this …

Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet

January 16, 2024 at 04:34PM
Ivanti VPNs have been compromised globally through two unpatched zero-day vulnerabilities that allow attackers to gain network access. Thousands infected, primarily by group UTA0178, with no patches available until Jan. 22 and Feb. 19. Ivanti released a mitigation and an Integrity Checker Tool for existing compromises. Customers are advised to follow incident response playbook …