Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Magnet Goblin Exploits 1-Day Ivanti Vulnerabilities

Security researchers have uncovered a trend involving the exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN. The flaws, identified as CVE-2023-46805 and CVE-2023-21887, were quickly exploited by multiple threat actors, leading to various malicious activities.
Tracking these exploits, the Check Point Research team said it encountered a cluster of activities attributed to a threat actor dubbed Magnet Goblin.
The actor has been observed methodically leveraging 1-day vulnerabilities, particularly targeting edge devices like the Ivanti Connect Secure VPN. Magnet Goblin uses custom Linux malware to pursue financial gain.
These exploits involve the deployment of malware via a range of methods, including the exploitation of vulnerabilities in Magento, Qlik Sense and potentially Apache ActiveMQ. Detailed in an advisory published on Friday, the researchers' investigation revealed a sophisticated infrastructure behind Magnet Goblin's operations.
They found evidence of the deployment of payloads such as WARPWIRE JavaScript credential stealers and Ligolo tunneling tools.
The threat actor's activities extended beyond Linux environments, with some instances targeting Windows systems using tools like ScreenConnect and AnyDesk, suggesting a wide-ranging and adaptable approach.
CPR said the analysis of NerbianRAT variants sheds light on the intricacies of the malware's operation.
From initialization to command-and-control, the malware exhibits a sophisticated design, allowing for flexibility in executing various actions on infected machines.
MiniNerbian, a simplified version of NerbianRAT, further showcases the threat actor's adaptability and stealthy tactics.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 11 Mar 2024 17:00:16 +0000

Cyber News related to Magnet Goblin Exploits 1-Day Ivanti Vulnerabilities

New cybercrime crew Magnet Goblin caught exploiting Ivanti The Register - There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed ...
1 year ago Theregister.com Volt Typhoon Cactus

Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware - Hackers exploit unpatched Ivanti vulnerabilities to deploy malware on Linux systems. Magnet Goblin targets businesses using outdated software. Patch immediately and implement strong security measures to protect against these attacks. Cybersecurity ...
1 year ago Hackread.com CVE-2024-21887

'Magnet Goblin' Exploits Ivanti 1-Day Bug in Mere Hours - While threat actors converged on Ivanti edge devices earlier this year, one of them moved quicker than the rest, deploying a one-day exploit the day after its public disclosure. Of the five vulnerabilities that came to light in recent months, ...
1 year ago Darkreading.com CVE-2024-21887

Magnet Goblin Exploits 1-Day Ivanti Vulnerabilities - Security researchers have uncovered a trend involving the exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN. The flaws, identified as CVE-2023-46805 and CVE-2023-21887, were quickly exploited by multiple threat actors, ...
1 year ago Infosecurity-magazine.com CVE-2023-46805 CVE-2023-21887

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
1 year ago Unit42.paloaltonetworks.com CVE-2023-46805 CVE-2024-21887

Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893

Never-before-seen Linux malware gets installed using 1-day exploits - Researchers have unearthed Linux malware that circulated in the wild for at least two years before being identified as a credential stealer that's installed by the exploitation of recently patched vulnerabilities. The newly identified malware is a ...
1 year ago Packetstormsecurity.com

Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887

Thoma Bravo Acquires Magnet Forensics in Billion Dollar Deal - Thoma Bravo, a leading private equity investment firm, recently announced an agreement to acquire Magnet Forensics, a global leader in digital investigation technology, in a billion-dollar deal. This marks the largest Thoma Bravo purchase ever and ...
2 years ago Securityweek.com

China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
1 year ago Go.theregister.com

Ivanti Security Update: Patch for Multiple Vulnerabilities in Connect and Policy Secure - Ivanti, a leading provider of IT security and management solutions, has announced the release of critical updates for its Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. Organizations using Ivanti Connect Secure and Policy Secure ...
1 month ago Cybersecuritynews.com

CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887

More mass exploits hit the same buggy Ivanti devices The Register - All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over ...
1 year ago Go.theregister.com CVE-2024-21893 Hunters

Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
1 year ago Go.theregister.com CVE-2024-22024

Ivanti patches Connect Secure zero-day exploited since mid-March - Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. While Ivanti has yet to disclose more details ...
5 months ago Bleepingcomputer.com CVE-2025-22457

Ivanti urges customers to patch yet another critical vulnerability - This vulnerability only affects a limited number of supported versions-Ivanti Connect Secure, Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read between the lines that there could be unsupported versions which will never see ...
1 year ago Malwarebytes.com CVE-2024-22024

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products - In an unprecedented move, the US government's cybersecurity agency CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. Within 48 hours, the agency said federal ...
1 year ago Securityweek.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893

Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
1 year ago Techrepublic.com CVE-2023-46805 CVE-2024-21887

Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887

Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
1 year ago Cysecurity.news CVE-2024-21893 CVE-2023-46805 CVE-2024-21887

Ivanti Connect Secure Vulnerability (CVE-2025-22457) Actively Exploited in the Wild - Ivanti has disclosed a critical vulnerability, CVE-2025-22457, affecting its Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products that are actively exploited in the wild. The vulnerability was patched in Ivanti ...
5 months ago Cybersecuritynews.com CVE-2025-22457

Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887

Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887 CVE-2021-22893

Ivanti zero-day flaws under 'widespread' exploitation - Two critical Ivanti vulnerabilities that remain unpatched are being widely exploited just five days following public disclosure. In a security advisory Wednesday, Ivanti urged users and administrators to mitigate two zero-day vulnerabilities that ...
1 year ago Techtarget.com CVE-2024-21887 CVE-2023-46805

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response ...
1 year ago Securityweek.com CVE-2023-46805 CVE-2024-21887