CyberSecurityBoard
Sponsor Register Login

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

Malware hunters at Volexity on Wednesday warned that suspected Chinese nation-state hackers are actively exploiting a pair of unauthenticated remote zero-day vulnerabilities in Ivanti Connect Secure VPN devices.
The vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, affect fully patched Internet-facing Ivanti Connect Secure VPN appliances and were caught during in-the-wild zero-day exploitation.
Ivanti, a company that has struggled with major security problems, released pre-patch mitigations for the new vulnerabilities but said comprehensive fixes will be released on a staggered schedule beginning on January 22.
In a research report, Volexit said it caught the zero-days after noticing suspicious lateral movement on the network of one of its customers, and found that an attacker was placing webshells on multiple internal and external-facing web servers.
The company traced the infections back to the victim company's Ivanti Connect Secure VPN appliance that showed that its logs had been wiped and logging had been disabled.
Volexity said it worked closely with Ivanti in order to obtain disk and memory images from the impacted devices and was able to uncover the exploit chain used by the attacker.
The researchers said they caught the attackers modifying legitimate ICS components and making changes to the system to evade Ivanti's Integrity Checker Tool; and backdooring a legitimate CGI file on the ICS VPN appliance to allow command execution.


This Cyber News was published on www.securityweek.com. Publication date: Wed, 10 Jan 2024 22:13:05 +0000


Cyber News related to Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

Ivanti zero-day flaws under 'widespread' exploitation - Two critical Ivanti vulnerabilities that remain unpatched are being widely exploited just five days following public disclosure. In a security advisory Wednesday, Ivanti urged users and administrators to mitigate two zero-day vulnerabilities that ...
5 months ago Techtarget.com
Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
5 months ago Bleepingcomputer.com
Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
5 months ago Bleepingcomputer.com
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Malware hunters at Volexity on Wednesday warned that suspected Chinese nation-state hackers are actively exploiting a pair of unauthenticated remote zero-day vulnerabilities in Ivanti Connect Secure VPN devices. The vulnerabilities, tracked as ...
5 months ago Securityweek.com
China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
5 months ago Go.theregister.com
Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
5 months ago Techtarget.com
Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
5 months ago Techrepublic.com
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
5 months ago Techtarget.com
Zcaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
1 month ago Cybersecurity-insiders.com
Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response ...
5 months ago Securityweek.com
Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
5 months ago Bleepingcomputer.com
Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
4 months ago Apnews.com
Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet - Thousands of Ivanti VPN instances have been compromised across the globe in the last five days thanks to two serious, as yet unpatched zero-day vulnerabilities disclosed last week. Ivanti Connect Secure VPN is a virtual private network tool that ...
5 months ago Darkreading.com
Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
4 months ago Bleepingcomputer.com
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
5 months ago Unit42.paloaltonetworks.com
1,700 Ivanti VPN devices compromised. Are yours among them? - Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. Both Volexity and Ivanti revealed on January 10 that unknown attackers have been leveraging ...
5 months ago Helpnetsecurity.com
Two Ivanti Zero-Days Actively Exploited in the Wild - Ivanti customers have been urged to follow the security vendor's suggested workaround after it confirmed that two zero-day vulnerabilities in its Connect Secure and Policy Secure gateways are being actively exploited. Connect Secure is a VPN product ...
5 months ago Infosecurity-magazine.com
Mullvad VPN Review: Features, Pricing, Pros & Cons - Visit Mullvad VPN. Mullvad VPN has built a solid reputation for being one of the best privacy-focused VPNs on the market. Visit Mullvad VPN. Mullvad offers a flat rate of €5 or $5.48 per month, regardless of subscription length. If you're looking ...
5 months ago Techrepublic.com
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
3 months ago Techtarget.com
Cybersecurity Insiders - As the threat landscape rapidly evolves, VPNs cannot provide the secure, segmented access organizations need. The 2023 VPN Risk Report reveals the complexity of today's VPN management, user experience issues, vulnerabilities to diverse cyberattacks, ...
6 months ago Cybersecurity-insiders.com
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
4 months ago Cysecurity.news
The best VPN deals right now - You may be able to find offers for a VPN free trial, but you'll typically only get seven days free with limited bandwidth and a restricted number of servers. The best VPN deal is for Surfshark, a reliable and easy-to-use VPN with consistently low ...
5 months ago Zdnet.com
Atlas VPN Free vs. Premium: Which Plan Is Best For You? - When VPN providers offer free versions, you may be inclined to stick with that version. Atlas VPN Free is a lifetime-free version of the Atlas VPN service, which allows users to enjoy VPN services in four locations. In comparison, Atlas VPN Premium ...
4 months ago Techrepublic.com
Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
4 months ago Go.theregister.com
Ivanti Connect Secure zero-days exploited by attackers - Two zero-day vulnerabilities in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be ...
5 months ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)