
Security alert: Ivanti Connect Secure VPN under attack

Increase in attacks on Ivanti VPN systems highlights critical issues in corporate cybersecurity

Two serious vulnerabilities, CVE-2023-46805 and CVE-2024-21887, affect Ivanti VPNs, with attacks starting in December 2023. It is estimated that there are over 18,000 devices at risk globally. Ivanti has provided security guidelines.


Serious vulnerabilities have affected Ivanti's VPN devices, with Volexity and Ivanti reporting ongoing attacks as early as January 10th. Ivanti Connect Secure VPN devices are at the center of an attack campaign that exploits two critical, unmitigated zero-day vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, to install malicious webshells and exfiltrate data.

Investigations underway into zero-day attacks

A range of malicious actors, including some affiliated with Chinese cyber activities, have been exploiting these vulnerabilities since December 2023. The investigation is supported by the work of Mandiant, which has published useful guidance for identifying the malware employed, suggesting a targeted effort towards electronic espionage. The attacks show no sign of stopping: more than 1,700 endpoints have been affected, belonging to companies of various industries and sizes, including some Fortune 500 entities.

Scale of the exposure and Ivanti's response

According to analysis provided by scanning services, an estimated 18,000-plus Ivanti Connect Secure VPN devices worldwide are active and vulnerable, of which approximately 5,500 are in Europe. In response to the critical issues that have emerged, Ivanti has already released guidelines for resolving the problems, supporting companies in managing the security emergency. The importance of collaboration with national CERTs has also emerged.

Reminder on mitigation measures

Because emergency precautionary measures cannot contain the damage resulting from compromises that have already occurred, Volexity urges organizations to carry out an in-depth analysis of their systems in order to detect any signs of intrusion. The discovery of more than 1,700 compromised devices using new scanning techniques highlights the pressing need for remediation and for internal incident analysis to confirm or rule out a network security breach.


01/17/2024 09:38

Marco Verro
