CISA confirms compromise of its Ivanti systems

CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency.
Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a Chinese nation-state threat actor.
CVE-2023-46805 is an authentication bypass vulnerability in Ivanti Policy Secure, and CVE-2024-21887 is a command injection flaw in select versions of Ivanti Connect Secure.
The two can be chained together to achieve unauthenticated remote code execution.
At the end of January, Ivanti finally released patches for both zero-days alongside disclosures of two new flaws, one of which was also a zero-day.
CVE-2023-46805 and CVE-2024-21887 have come under mass exploitation from a variety of threat actors, and among the victims is CISA. Cybersecurity news outlet The Record first reported on Friday that hackers breached the Ivanti systems of the U.S. cyber agency.
CISA confirmed the incident to TechTarget Editorial in the following statement.
About a month ago CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses.
The impact was limited to two systems, which we immediately took offline.
We continue to upgrade and modernize our systems, and there is no operational impact at this time.
This is a reminder that any organization can be affected by a cyber vulnerability, and having an incident response plan in place is a necessary component of resilience.
We strongly urge all organizations to review our latest Ivanti advisory and take the steps outlined in it to protect their systems.
In the referenced advisory, published Feb. 29, CISA provided additional technical details surrounding the vulnerabilities and questioned the effectiveness of Ivanti's Integrity Checker Tool.
In previous advisories, Ivanti urged customers to run its internal and external ICTs to test for evidence of compromise.
CISA said it and its partners determined threat actors deceived the tool.
Ivanti pushed back, saying in a blog post that CISA's lab-based finding had not been found in the wild.
The vendor released a new version of the external ICT on Feb. 27, two days before the agency's advisory.
It's unclear whether that latest version fully addressed CISA's concerns about the tool failing to detect compromises.
TechTarget Editorial asked Ivanti about CISA's security incident, but a company spokesperson declined to comment.
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.


This Cyber News was published on www.techtarget.com. Publication date: Mon, 11 Mar 2024 19:43:06 +0000