
Security alert: Ivanti Connect Secure VPN under attack

Increase in attacks on Ivanti VPN systems highlights critical issues in corporate cybersecurity

Two serious vulnerabilities, CVE-2023-46805 and CVE-2024-21887, affect Ivanti VPNs, with attacks starting in December 2023. It is estimated that over 18,000 devices are at risk globally. Ivanti has published mitigation guidance.


Serious vulnerabilities have affected Ivanti's VPN devices, with Volexity and Ivanti reporting ongoing attacks as early as January 10th. Ivanti Connect Secure VPN devices are at the center of an attack campaign that chains two critical, unpatched zero-day vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, to install malicious webshells and exfiltrate data.

Investigations underway into zero-day attacks

A range of malicious actors, including some affiliated with Chinese cyber operations, have been exploiting these vulnerabilities since December 2023. Investigations are supported by the work of Mandiant, which has published guidance for identifying the malware employed, and which points to a targeted espionage effort. The flow of hostile activity shows no sign of stopping: more than 1,700 endpoints have been affected, at companies of various industries and sizes, including some Fortune 500 entities.

Dimension of vulnerability and Ivanti's response

According to analysis provided by scanning services, it is estimated that over 18,000 active and vulnerable Ivanti Connect Secure VPN devices are exposed worldwide, of which approximately 5,500 are in Europe. In response to the critical issues that have emerged, Ivanti has already released mitigation guidance, supporting companies in managing the security emergency. The importance of collaboration with national CERTs has also emerged.

Mitigation measures

Because emergency mitigations cannot undo compromises that have already taken place, Volexity urges organizations to carry out an in-depth analysis of their systems in order to detect any signs of intrusion. The discovery of more than 1,700 compromised devices through new scanning techniques highlights the pressing need for remediation and internal incident analysis to confirm or rule out a network security breach.


01/17/2024 09:38

Editorial AI
