CyberSecurityBoard
Sponsor Register Login

More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll

Ivanti has finally begun patching a pair of zero-day security vulnerabilities disclosed on Jan. 10 in its Connect Secure VPN appliances.
It also announced two additional bugs today in the platform, CVE-2024-21888 and CVE-2024-21893 - the latter of which is also under active exploitation in the wild.
Ivanti has released its first round of patches for the original set of zero-days but only for some versions; additional fixes will roll out on a staggered schedule in the coming weeks, the company said in its updated advisory today.
In the meantime, Ivanti has provided a mitigation that unpatched organizations should apply immediately to avoid falling victim to mass exploitation by Chinese state-sponsored actors and financially motivated cybercriminals alike.
According to Mandiant, a China-backed advanced persistent threat it calls UNC5221 has been behind reams of exploitations going back to early December.
Activity in general has ramped up considerably since CVE-2024-21888 and CVE-2024-21893 were made public earlier in January.
A variant of the LightWire Web shell that inserts itself into a legitimate component of the VPN gateway, now featuring a different obfuscation routine.
ZipLine, a passive backdoor used by UNC5221 that uses a custom, encrypted protocol to establish communications with command-and-control.
Its functions include file upload and download, reverse shell, proxy server, and a tunneling server.
New variants of the WarpWire credential-theft malware, which steals plaintext passwords and usernames for exfiltration to a hard-coded C2 server.
Mandiant does not attribute all of the variants to UNC5221.
Multiple open source tools to support post-exploitation activities like internal network reconnaissance, lateral movement, and data exfiltration within a limited number of victim environments.
Ivanti and CISA released updated mitigation guidance yesterday that organizations should apply.
Two Fresh High-Severity Zero-Day Bugs In addition to rolling out patches for the three-week-old bugs, Ivanti also added fixes for two new CVEs to the same advisory.
CVE-2024-21888: A privilege escalation vulnerability in the Web component of Ivanti Connect Secure and Ivanti Policy Secure, allowing cyberattackers to gain administrator privileges.
Researchers also warn that the result of a compromise can be dangerous for organizations.


This Cyber News was published on www.darkreading.com. Publication date: Wed, 31 Jan 2024 20:35:18 +0000


Cyber News related to More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll

More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll - Ivanti has finally begun patching a pair of zero-day security vulnerabilities disclosed on Jan. 10 in its Connect Secure VPN appliances. It also announced two additional bugs today in the platform, CVE-2024-21888 and CVE-2024-21893 - the latter of ...
5 months ago Darkreading.com
Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
5 months ago Bleepingcomputer.com
Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
5 months ago Bleepingcomputer.com
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
5 months ago Techtarget.com
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
5 months ago Unit42.paloaltonetworks.com
Zcaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
1 month ago Cybersecurity-insiders.com
Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
4 months ago Bleepingcomputer.com
Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
4 months ago Go.theregister.com
Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
5 months ago Techtarget.com
Cybersecurity Insiders - As the threat landscape rapidly evolves, VPNs cannot provide the secure, segmented access organizations need. The 2023 VPN Risk Report reveals the complexity of today's VPN management, user experience issues, vulnerabilities to diverse cyberattacks, ...
6 months ago Cybersecurity-insiders.com
Mullvad VPN Review: Features, Pricing, Pros & Cons - Visit Mullvad VPN. Mullvad VPN has built a solid reputation for being one of the best privacy-focused VPNs on the market. Visit Mullvad VPN. Mullvad offers a flat rate of €5 or $5.48 per month, regardless of subscription length. If you're looking ...
5 months ago Techrepublic.com
Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
5 months ago Bleepingcomputer.com
China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
5 months ago Go.theregister.com
Atlas VPN Free vs. Premium: Which Plan Is Best For You? - When VPN providers offer free versions, you may be inclined to stick with that version. Atlas VPN Free is a lifetime-free version of the Atlas VPN service, which allows users to enjoy VPN services in four locations. In comparison, Atlas VPN Premium ...
4 months ago Techrepublic.com
The best VPN deals right now - You may be able to find offers for a VPN free trial, but you'll typically only get seven days free with limited bandwidth and a restricted number of servers. The best VPN deal is for Surfshark, a reliable and easy-to-use VPN with consistently low ...
5 months ago Zdnet.com
Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
5 months ago Techrepublic.com
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
3 months ago Techtarget.com
Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet - Thousands of Ivanti VPN instances have been compromised across the globe in the last five days thanks to two serious, as yet unpatched zero-day vulnerabilities disclosed last week. Ivanti Connect Secure VPN is a virtual private network tool that ...
5 months ago Darkreading.com
The best VPN services for iPhone and iPad in 2023: Tested and reviewed - We've analyzed and ranked the top VPN services we've tested and researched over the years that offer solid iPhone and iPad clients, good performance, strong security and are suitable for the Apple ecosystem. Also: The best travel VPNs. Based on ...
6 months ago Zdnet.com
5 Best VPNs for Travel in 2024 - VPNs are software that encrypt your online activity and adjust your IP address, protecting sensitive company data and allowing you to access geo-restricted content at the same time. In this article, we take a look at the five best VPNs for travelers. ...
3 months ago Techrepublic.com
Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response ...
5 months ago Securityweek.com
Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
4 months ago Cysecurity.news
Ivanti Patches High-Severity Vulnerability in VPN Appliances - Ivanti on Thursday announced patches for a high-severity vulnerability impacting enterprise VPN and network access products. Tracked as CVE-2024-22024 and described as an XML external entity issue, the security defect was identified in the SAML ...
4 months ago Securityweek.com
5 Best VPNs for Android in 2024 - See details VIsit ProtonVPN. see details Visit CyberGhost VPN. As more Android users rely on their smartphones to surf the web, virtual private networks have become essential tools to help secure your mobile connection, no matter where you are. One ...
5 months ago Techrepublic.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 month ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)