
Security alert: Ivanti Connect Secure VPN under attack

Increase in attacks on Ivanti VPN systems highlights critical issues in corporate cybersecurity

Two serious vulnerabilities, CVE-2023-46805 and CVE-2024-21887, affect Ivanti VPNs, with attacks starting in December 2023. It is estimated that over 18,000 devices are at risk globally. Ivanti has provided security guidelines.


Serious vulnerabilities have affected Ivanti's VPN devices, with Volexity and Ivanti reporting ongoing attacks as early as January 10th. Ivanti Connect Secure VPN devices are at the center of an attack campaign that exploits two critical, unmitigated zero-day vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, to install malicious webshells and exfiltrate data.

Investigations underway into zero-day attacks

A range of malicious actors, including those affiliated with Chinese cyber activities, have been exploiting these vulnerabilities since December 2023. Mandiant has supported the investigation by publishing useful guidance for identifying the malware employed, which points to a targeted electronic espionage effort. The hostile activity shows no sign of stopping: more than 1,700 endpoints have been affected, belonging to companies of various industries and sizes, including some Fortune 500 entities.

Scale of the exposure and Ivanti's response

According to analysis provided by scanning services, it is estimated that there are over 18,000 active and vulnerable Ivanti Connect Secure VPN devices worldwide, of which approximately 5,500 are in Europe. In response to the critical issues that have emerged, Ivanti has already released guidelines for resolving the problems, supporting companies in managing the security emergency. The importance of collaboration with national CERTs has also emerged.

Reminder on mitigation measures

Because emergency precautionary measures cannot contain the damage resulting from previous compromises, Volexity urges organizations to carry out an in-depth analysis of their systems in order to detect any signs of intrusion. The discovery of more than 1,700 compromised devices using new scanning techniques highlights the pressing need for remediation and internal incident analysis to confirm or rule out a network security breach.


01/17/2024 09:38

Editorial AI
