🚨URGENT SECURITY ALERT🚨 The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has ordered federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances due to multiple critical zero-day vulnerabilities. Private organizations should seriously consider the security status of their Ivanti deployments and the trust of their environment in general. Stay informed and stay safe. #cybersecurity #securityalert #ivanti #zerodayvulnerabilities If you currently use Ivanti or have Ivanti deployments and require information on more secure options or alternatives, please contact me via in-mail or @: craig.mccann@exampleit.com.
Craig McCann’s Post
More Relevant Posts
-
Application Support Administrator - CCNA Cyber Ops - Cyber Academy Certified Professional - Top 1% @TryHackMe
#informationsecurity #itsecurity #cybersecurity #cybersecurityawareness #patchmanagement #vulnerabilitymanagement Despite initial mitigations, attackers bypassed defenses, compromising even the device's configuration files, leading Ivanti to postpone its firmware patches, scheduled for January 22, to address the sophisticated threat. Due to the situation with active exploitation of multiple critical zero-day vulnerabilities, lack of effective mitigations, and lack of security updates for some of the impacted product versions, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has ordered federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances. https://lnkd.in/eRZDSgwP
Newest Ivanti SSRF zero-day now under mass exploitation
bleepingcomputer.com
-
Newest Ivanti SSRF Zero-Day Now Under Mass Exploitation 🛡 Cyber threat warnings have escalated as the Ivanti Connect Secure and Ivanti Policy Secure servers face a massive spike in attacks exploiting the server-side request forgery (SSRF) vulnerability (CVE-2024-21893). The flaw allows attackers to bypass authentication and gain access to restricted resources on vulnerable devices. ⚔ In response to the high volume of exploitation attempts from over 170 distinct IP addresses, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has ordered federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances until they have been safely reset and upgraded to the latest firmware version. ⚔ In this challenging cyber landscape, your organisation’s safety hinges on staying ahead of emerging threats and fortifying weak spots in your infrastructure. Ongoing monitoring of malicious activities in the deep & dark web, coupled with a proactive approach, can drastically reduce risky exposures. Schedule a personalised demo with us: https://buff.ly/3KQ8dEa #Cybersecurity #Cyberattack #ThreatIntelligence #SSRF #Ivanti Dig deeper into the story below👇🏼:
Newest Ivanti SSRF zero-day now under mass exploitation
bleepingcomputer.com
-
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893): CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893: CVE-2024-21893 allows attackers to bypass authentication requirements and access certain restricted resources on vulnerable solutions. It affects the SAML component of: Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x), Ivanti Neurons for ZTA (SaaS-delivered zero trust network access solution). Its existence, along with that … More → The post Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) appeared first on Help Net Security. @Poseidon-US #HelpNetSecurity #Cybersecurity
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) - Help Net Security
helpnetsecurity.com
-
An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. https://lnkd.in/dSnYkWTk #cybersecurity #ciberseguridad #vulnerabilities
Newest Ivanti SSRF zero-day now under mass exploitation
bleepingcomputer.com
-
Protecting Your Business | CISO | Information Security & Risk Leader /Advisor with 23+ years of experience | Investor and Cybersecurity Expert 🏆| Mentor
Attention all network security professionals! There's a new threat on the horizon. Recent reports show that a security flaw in Ivanti Connect Secure, Policy Secure, and ZTA gateways is being exploited by threat actors. These attackers are using the flaw to install a backdoor, known as DSLog, on vulnerable devices. Make sure to take the necessary precautions to protect your network from this potential threat. Stay vigilant and keep your security measures up to date. #networksecurity #cybersecurity #threatactors #backdoor #DSLog
Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures
thehackernews.com
-
🚨 UPDATE: UNC5325 and UNC3886 Exploit Ivanti Connect Secure VPN Vulnerabilities to Deploy Malware. Amid recent cybersecurity findings, researchers have unveiled significant developments concerning #cyberespionage activities linked to #China. Two threat groups, #UNC5325 and #UNC3886, have emerged as key players in exploiting vulnerabilities within #Ivanti Connect Secure VPN appliances. UNC5325, identified as a sophisticated Chinese threat actor, has capitalized on the CVE-2024-21893 vulnerability to infiltrate Ivanti appliances. This exploit has facilitated the deployment of a suite of new #malware strains, including #LittleLamb.WoolTea, PitStop, Pitdog, PitJet, and PitHook. Notably, researchers suggest a connection between UNC5325 and UNC3886, citing code similarities between their malware variants. Read More 👇 https://lnkd.in/drsz7EE9
UNC5325 and UNC3886 Exploit Ivanti Connect Secure VPN Vulnerabilities to Deploy Malware
socradar.io
-
Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers. Here's what you need to know:
1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Ivanti have alerted customers to two actively exploited vulnerabilities existing in Ivanti's Connect Secure, a widely used VPN tool. One enables access to restricted resources, while the other enables command delivery to devices.
2. The vulnerabilities are apparently being deployed together by an as-yet unidentified threat actor potentially linked to Chinese state-level activities. The issues could allow hackers to steal data, alter files, and perform network reconnaissance. As of now, no evidence suggests the vulnerabilities were maliciously inserted into the code.
3. Ivanti is currently developing a patch, has urged immediate mitigation measures, and has recommended that customers monitor their network traffic for suspicious activities. In addition, customers are advised to bring on board a cybersecurity firm if evidence of compromise is detected, as Ivanti does not provide forensic services.
Learn more by visiting The Record from Recorded Future News: https://lnkd.in/eSbJssst
Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers
therecord.media
-
Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure. A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach fewer than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178. There is evidence to suggest that the VPN appliance may have been compromised as early as December 3, 2023. https://lnkd.in/erWiQAs6?
Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure
thehackernews.com
-
“The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass that's a patch bypass for another flaw in the same solution tracked as CVE-2023-35078 (CVSS score: 10.0).” Attention all Ivanti users: please update to the latest version as soon as possible to avoid further complications! Read more in the news article and share your thoughts with us! https://lnkd.in/gru-qxVr #cybertronium #cybertroniummalaysia #zeroday #cyberthreat
U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability
thehackernews.com