Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure

April 4, 2024 at 12:57AM Ivanti has released security updates to fix four flaws affecting Connect Secure and Policy Secure Gateways. These flaws could lead to code execution and denial-of-service attacks. The vulnerabilities include heap overflow, null pointer dereference, and XML entity expansion issues. Ivanti has been addressing security flaws and is working on improving …

‘Magnet Goblin’ Exploits Ivanti 1-Day Bug in Mere Hours

March 12, 2024 at 04:11PM Threat actors targeted Ivanti edge devices earlier this year. One-day exploit CVE-2024-21887 in Ivanti Connect Secure and Policy Secure gateways, rated 9.1/10, was quickly capitalized on by “Magnet Goblin.” Known for exploiting one-days in public-facing services, this group deploys malware capable of flying under the radar, emphasizing the need for …

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

February 12, 2024 at 11:32AM Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti products to deploy the DSLog backdoor, allowing remote command execution. The vulnerability, known as CVE-2024-21893, affects SAML components and enables bypassing authentication. Successful attacks have been reported, prompting the release of security updates to mitigate the risk. Key takeaways …

Ivanti discloses fifth vulnerability, doesn’t credit researchers who found it

February 9, 2024 at 04:36PM Ivanti disclosed a new vulnerability in its gateways, confusing researchers who claim discovery. Ivanti, attributing the find to in-house review, faces dispute from watchTowr, who published evidence of prior notification. The high-severity flaw, affecting limited versions, requires patching and mitigation. Recent security issues prompt CISA and NCSC advisories.

Ivanti: Patch new Connect Secure auth bypass bug immediately

February 8, 2024 at 02:53PM Ivanti warns of authentication bypass vulnerability (CVE-2024-22024) in Connect Secure, Policy Secure, and ZTA gateways, allowing remote access to unpatched appliances. No evidence of customer exploitation, but immediate action is recommended. Over 20,000 ICS VPN gateways tracked online. Ivanti devices targeted in zero-day attacks. Security patches released. CISA orders disconnection …

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

February 6, 2024 at 03:15AM A server-side request forgery (SSRF) vulnerability in Ivanti products is being widely exploited, leading to mass attacks from over 170 unique IP addresses. The exploit allows unauthorized access to restricted resources. Security firm Rapid7 released a proof-of-concept exploit, and outdated open-source components in Ivanti VPN appliances pose further security risks. …

Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities

February 1, 2024 at 03:33AM Mandiant, owned by Google, reported identifying new malware used by espionage threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. The malware includes web shells like BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE, enabling arbitrary command execution and data exfiltration. Ivanti has disclosed and fixed security …

Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

January 11, 2024 at 04:01AM A pair of zero-day flaws in Ivanti Connect Secure (ICS) and Policy Secure have been exploited by suspected China-linked nation-state actors to breach fewer than 10 customers. Cybersecurity firm Volexity identified the activity and attributed it to a hacking group it tracks under the name UTA0178. Patches are expected to …