More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll

Ivanti has finally begun patching a pair of zero-day security vulnerabilities disclosed on Jan. 10 in its Connect Secure VPN appliances.
It also announced two additional bugs today in the platform, CVE-2024-21888 and CVE-2024-21893 - the latter of which is also under active exploitation in the wild.
Ivanti has released its first round of patches for the original set of zero-days but only for some versions; additional fixes will roll out on a staggered schedule in the coming weeks, the company said in its updated advisory today.
In the meantime, Ivanti has provided a mitigation that unpatched organizations should apply immediately to avoid falling victim to mass exploitation by Chinese state-sponsored actors and financially motivated cybercriminals alike.
According to Mandiant, a China-backed advanced persistent threat it calls UNC5221 has been behind reams of exploitations going back to early December.
Activity in general has ramped up considerably since CVE-2024-21888 and CVE-2024-21893 were made public earlier in January.
A variant of the LightWire Web shell that inserts itself into a legitimate component of the VPN gateway, now featuring a different obfuscation routine.
ZipLine, a passive backdoor used by UNC5221 that uses a custom, encrypted protocol to establish communications with command-and-control.
Its functions include file upload and download, reverse shell, proxy server, and a tunneling server.
New variants of the WarpWire credential-theft malware, which steals plaintext passwords and usernames for exfiltration to a hard-coded C2 server.
Mandiant does not attribute all of the variants to UNC5221.
Multiple open source tools to support post-exploitation activities like internal network reconnaissance, lateral movement, and data exfiltration within a limited number of victim environments.
Ivanti and CISA released updated mitigation guidance yesterday that organizations should apply.
Two Fresh High-Severity Zero-Day Bugs In addition to rolling out patches for the three-week-old bugs, Ivanti also added fixes for two new CVEs to the same advisory.
CVE-2024-21888: A privilege escalation vulnerability in the Web component of Ivanti Connect Secure and Ivanti Policy Secure, allowing cyberattackers to gain administrator privileges.
Researchers also warn that the result of a compromise can be dangerous for organizations.

This Cyber News was published on www.darkreading.com. Publication date: Wed, 31 Jan 2024 20:35:18 +0000

Cyber News related to More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll

More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll - Ivanti has finally begun patching a pair of zero-day security vulnerabilities disclosed on Jan. 10 in its Connect Secure VPN appliances. It also announced two additional bugs today in the platform, CVE-2024-21888 and CVE-2024-21893 - the latter of ...
1 year ago Darkreading.com CVE-2024-21888 CVE-2024-21893

Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887 CVE-2021-22893

Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887

Zcaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
9 months ago Cybersecurity-insiders.com

Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
1 year ago Unit42.paloaltonetworks.com CVE-2023-46805 CVE-2024-21887

Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887

Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
1 year ago Go.theregister.com CVE-2024-22024

Cybersecurity Insiders - As the threat landscape rapidly evolves, VPNs cannot provide the secure, segmented access organizations need. The 2023 VPN Risk Report reveals the complexity of today's VPN management, user experience issues, vulnerabilities to diverse cyberattacks, ...
1 year ago Cybersecurity-insiders.com

Mullvad VPN Review: Features, Pricing, Pros & Cons - Visit Mullvad VPN. Mullvad VPN has built a solid reputation for being one of the best privacy-focused VPNs on the market. Visit Mullvad VPN. Mullvad offers a flat rate of €5 or $5.48 per month, regardless of subscription length. If you're looking ...
1 year ago Techrepublic.com

Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887

Atlas VPN Free vs. Premium: Which Plan Is Best For You? - When VPN providers offer free versions, you may be inclined to stick with that version. Atlas VPN Free is a lifetime-free version of the Atlas VPN service, which allows users to enjoy VPN services in four locations. In comparison, Atlas VPN Premium ...
1 year ago Techrepublic.com

Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
1 year ago Bleepingcomputer.com

China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
1 year ago Go.theregister.com

Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet - Thousands of Ivanti VPN instances have been compromised across the globe in the last five days thanks to two serious, as yet unpatched zero-day vulnerabilities disclosed last week. Ivanti Connect Secure VPN is a virtual private network tool that ...
1 year ago Darkreading.com CVE-2023-46805 CVE-2024-21887

Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
1 year ago Techrepublic.com CVE-2023-46805 CVE-2024-21887

CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
11 months ago Techtarget.com CVE-2023-46805 CVE-2024-21887

5 Best VPNs for Travel in 2024 - VPNs are software that encrypt your online activity and adjust your IP address, protecting sensitive company data and allowing you to access geo-restricted content at the same time. In this article, we take a look at the five best VPNs for travelers. ...
11 months ago Techrepublic.com

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response ...
1 year ago Securityweek.com CVE-2023-46805 CVE-2024-21887

Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
1 year ago Cysecurity.news CVE-2024-21893 CVE-2023-46805 CVE-2024-21887

5 Best VPNs for Android in 2024 - See details VIsit ProtonVPN. see details Visit CyberGhost VPN. As more Android users rely on their smartphones to surf the web, virtual private networks have become essential tools to help secure your mobile connection, no matter where you are. One ...
1 year ago Techrepublic.com

Ivanti Patches High-Severity Vulnerability in VPN Appliances - Ivanti on Thursday announced patches for a high-severity vulnerability impacting enterprise VPN and network access products. Tracked as CVE-2024-22024 and described as an XML external entity issue, the security defect was identified in the SAML ...
1 year ago Securityweek.com CVE-2024-22024

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
9 months ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109

ZTNA over VPN Can Be a Good Place to Start Your Zero Trust Journey - Zero-trust network access has become the leading project for organizations looking to adopt zero-trust principles. Gartner predicts that 60% of organizations will be adopting zero trust by 2025,1 so there are lots of zero-trust projects going on. As ...
1 year ago Feeds.fortinet.com

Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917

More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll

Cyber News related to More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)