New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways

CISA is releasing this alert to provide cyber defenders with new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices.
Threat actors are continuing to leverage vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways to capture credentials and/or drop webshells that enable further compromise of enterprise networks.
Some threat actors have recently developed workarounds to current mitigations and detection methods and have been able to exploit weaknesses, move laterally, and escalate privileges without detection.
CISA is aware of instances in which sophisticated threat actors have subverted the external integrity checker tool, further minimizing traces of their intrusion.
If an organization has been running Ivanti Connect Secure and Policy Secure gateways over the last several weeks and/or continues to run these products, CISA recommends continuous threat hunting on any systems connected to-or recently connected to-the Ivanti device.
Organizations should monitor authentication, account usage, and identity management services that could be exposed and isolate the system(s) from any enterprise resources as much as possible.
When these become available, CISA recommends that organizations continue to hunt their network in order to detect any compromise that may have occurred before patches were implemented.
This guidance supplements CISA's previous guidance for mitigation and detection, which remains applicable.
This product is provided subject to this Notification and this Privacy & Use policy.

This Cyber News was published on www.cisa.gov. Publication date: Tue, 30 Jan 2024 20:43:05 +0000

Cyber News related to New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
1 year ago Unit42.paloaltonetworks.com CVE-2023-46805 CVE-2024-21887

Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887

Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893

New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways - CISA is releasing this alert to provide cyber defenders with new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices. Threat actors are continuing to leverage ...
1 year ago Cisa.gov

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products - In an unprecedented move, the US government's cybersecurity agency CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. Within 48 hours, the agency said federal ...
1 year ago Securityweek.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893

Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887

Ivanti urges customers to patch yet another critical vulnerability - This vulnerability only affects a limited number of supported versions-Ivanti Connect Secure, Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read between the lines that there could be unsupported versions which will never see ...
1 year ago Malwarebytes.com CVE-2024-22024

Two Ivanti Zero-Days Actively Exploited in the Wild - Ivanti customers have been urged to follow the security vendor's suggested workaround after it confirmed that two zero-day vulnerabilities in its Connect Secure and Policy Secure gateways are being actively exploited. Connect Secure is a VPN product ...
1 year ago Infosecurity-magazine.com CVE-2023-46805 CVE-2024-21887 CVE-2023-35078 CVE-2023-35081

Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
1 year ago Cysecurity.news CVE-2024-21893 CVE-2023-46805 CVE-2024-21887

More mass exploits hit the same buggy Ivanti devices The Register - All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over ...
1 year ago Go.theregister.com CVE-2024-21893 Hunters

China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
1 year ago Go.theregister.com

Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887

Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
1 year ago Go.theregister.com CVE-2024-22024

Safeguarding Data Exchange: A Comprehensive Overview of API Gateways and Their Imperative Role in Ensuring Robust Security - In today's interconnected digital landscape, the proliferation of Application Programming Interfaces has revolutionized the way systems communicate and exchange data. This underscores the pivotal role of API Gateways as the guardians of digital ...
1 year ago Feeds.dzone.com

CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
11 months ago Techtarget.com CVE-2023-46805 CVE-2024-21887

Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
1 year ago Bleepingcomputer.com

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response ...
1 year ago Securityweek.com CVE-2023-46805 CVE-2024-21887

Ivanti zero-day flaws under 'widespread' exploitation - Two critical Ivanti vulnerabilities that remain unpatched are being widely exploited just five days following public disclosure. In a security advisory Wednesday, Ivanti urged users and administrators to mitigate two zero-day vulnerabilities that ...
1 year ago Techtarget.com CVE-2024-21887 CVE-2023-46805

Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities - Ivanti researchers this week flagged two zero-day vulnerabilities discovered in its products - CVE-2023-46805 and CVE-2024-21887- that are already being actively exploited by threat actors. The vulnerabilities were found in Ivanti Connect Secure and ...
1 year ago Darkreading.com CVE-2023-46805 CVE-2024-21887- CVE-2024-21887

Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
1 year ago Techrepublic.com CVE-2023-46805 CVE-2024-21887

New cybercrime crew Magnet Goblin caught exploiting Ivanti The Register - There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed ...
1 year ago Theregister.com Volt Typhoon Cactus

Ivanti fixes three critical flaws in Connect Secure & Policy Secure - Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems. “The Pulse Connect Secure ...
3 weeks ago Bleepingcomputer.com

What Is a Firewall Policy? Ultimate Guide - A firewall policy is a set of rules and standards designed to control network traffic between an organization's internal network and the internet. There are key components to consider, main types of firewall policies and firewall configurations to be ...
1 year ago Esecurityplanet.com

CISA Issues Emergency Directive on Ivanti Zero-Days - The US government's cybersecurity agency CISA is ramping up the pressure on organizations to urgently mitigate a pair of critical vulnerabilities in Ivanti Connect Secure VPN devices. The CISA missive sets strict deadlines for Federal Civilian ...
1 year ago Securityweek.com CVE-2023-46805 CVE-2024-21887

New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Cyber News related to New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)