CISA Issues Emergency Directive on Ivanti Zero-Days

The US government's cybersecurity agency CISA is ramping up the pressure on organizations to urgently mitigate a pair of critical vulnerabilities in Ivanti Connect Secure VPN devices.
The CISA missive sets strict deadlines for Federal Civilian Executive Branch agencies running Ivanti Connect Secure and Ivanti Policy Secure to apply available mitigations, hunt for infections and share indicators of compromise.
The emergency directive also calls for the removal of compromised products from networks and a report to CISA that provides an inventory of infected devices and details on actions taken.
The CISA emergency directive comes less than two weeks after researchers at Volexity caught a Chinese government-backed hacking team chaining an exploit for the two Ivanti vulnerabilities to launch remote, unauthenticated code execution attacks.
In a research report released last week, Volexity flagged the two flaws as CVE-2023-46805 and CVE-2024-21887 and warned that they were being exploited against Internet-facing Ivanti Connect Secure VPN appliances.
Ivanti, a company that has struggled with major security problems, has released pre-patch mitigations for the new vulnerabilities but said comprehensive fixes will be released on a staggered schedule beginning on January 22.
The Volexity researchers said they caught the attackers modifying legitimate ICS components and making changes to the system to evade Ivanti's Integrity Checker Tool; and backdooring a legitimate CGI file on the ICS VPN appliance to allow command execution.

This Cyber News was published on www.securityweek.com. Publication date: Fri, 19 Jan 2024 22:13:04 +0000

Cyber News related to CISA Issues Emergency Directive on Ivanti Zero-Days

Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
9 months ago Bleepingcomputer.com

CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
8 months ago Techtarget.com

Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
10 months ago Bleepingcomputer.com

Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
9 months ago Go.theregister.com

Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
9 months ago Techtarget.com

CISA Issues Emergency Directive on Ivanti Zero-Days - The US government's cybersecurity agency CISA is ramping up the pressure on organizations to urgently mitigate a pair of critical vulnerabilities in Ivanti Connect Secure VPN devices. The CISA missive sets strict deadlines for Federal Civilian ...
10 months ago Securityweek.com

CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Ivanti Connect Secure and Policy Secure Vulnerabilities - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency issued Emergency Directive 24-01 in response to observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances by ...
10 months ago Cisa.gov

Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
10 months ago Techtarget.com

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
5 months ago Securityaffairs.com

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
10 months ago Unit42.paloaltonetworks.com

Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
10 months ago Bleepingcomputer.com

CISA: Critical Ivanti auth bypass bug now actively exploited - CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile and MobileIron Core device management software is now under active exploitation. Tracked as CVE-2023-35082, the flaw is a remote unauthenticated API ...
10 months ago Bleepingcomputer.com

Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
9 months ago Bleepingcomputer.com

Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
11 months ago Bleepingcomputer.com

CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 month ago Therecord.media

Apple emergency updates fix recent zero-days on older iPhones - Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. The two vulnerabilities, now tracked as CVE-2023-42916 and CVE-2023-42917, were ...
11 months ago Bleepingcomputer.com

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products - In an unprecedented move, the US government's cybersecurity agency CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. Within 48 hours, the agency said federal ...
9 months ago Securityweek.com

China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
10 months ago Go.theregister.com

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
5 months ago Securityaffairs.com

Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
6 months ago Cisa.gov

More mass exploits hit the same buggy Ivanti devices The Register - All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over ...
9 months ago Go.theregister.com

Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
9 months ago Cysecurity.news

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response ...
10 months ago Securityweek.com

CISA Orders Ivanti VPN Appliances Disconnected: What to Do - The United States Cybersecurity and Infrastructure Security Agency has given Federal Civilian Executive Branch agencies 48 hours to rip out all Ivanti appliances in use on federal networks, over concerns that multiple threat actors are actively ...
9 months ago Darkreading.com

New Fortinet RCE bug is actively exploited, CISA confirms - CISA confirmed today that attackers are actively exploiting a critical remote code execution bug patched by Fortinet on Thursday. The flaw is due to an out-of-bounds write weakness in the FortiOS operating system that can let unauthenticated ...
9 months ago Bleepingcomputer.com

Latest Cyber News

CVE-2024-52739 - 17 hours ago
CVE-2018-9483 - 17 hours ago
CVE-2018-9485 - 17 hours ago
CVE-2018-9487 - 17 hours ago
CVE-2018-9470 - 17 hours ago
CVE-2018-9472 - 17 hours ago
CVE-2018-9477 - 17 hours ago
CVE-2024-11492 - 17 hours ago
CVE-2024-52770 - 18 hours ago
CVE-2024-52796 - 18 hours ago
CVE-2024-52769 - 18 hours ago
CVE-2024-51162 - 18 hours ago
CVE-2024-52725 - 18 hours ago
CVE-2024-11491 - 18 hours ago
CVE-2024-11490 - 18 hours ago
CVE-2024-11488 - 18 hours ago
CVE-2024-11486 - 19 hours ago
CVE-2024-11487 - 19 hours ago
CVE-2024-11485 - 19 hours ago
CVE-2024-52471 - 20 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-52282 - 2 days ago
CVE-2024-11278 - 1 day ago
CVE-2024-9653 - 1 day ago
CVE-2024-10515 - 1 day ago
CVE-2024-52614 - 1 day ago
CVE-2024-9239 - 1 day ago
CVE-2024-10855 - 1 day ago
CVE-2024-10899 - 1 day ago
CVE-2024-10900 - 1 day ago
CVE-2024-11277 - 1 day ago
CVE-2024-48895 - 1 day ago
CVE-2024-47865 - 1 day ago
CVE-2024-52033 - 1 day ago
CVE-2024-11176 - 1 day ago
CVE-2024-10126 - 1 day ago
CVE-2024-10127 - 1 day ago
CVE-2024-11179 - 1 day ago
CVE-2024-11494 - 1 day ago
CVE-2024-10665 - 1 day ago
CVE-2024-10891 - 1 day ago