Ivanti's zero-day victims increase; Mandiant adds valuable insights

TLDR: The number of organizations compromised by zero-day bugs in Ivanti products is growing, according to Mandiant's threat intelligence team. The vulnerabilities in Ivanti Connect Secure and Policy Secure gateways were disclosed by Ivanti and were already being exploited at the time of disclosure. The victim count, initially reported as fewer than 10, has since increased. Neither flaw currently has a patch; Ivanti hopes to start rolling out patches in late January. Chained together, the vulnerabilities allow unauthenticated remote code execution, meaning attackers can take control of an organization's Ivanti network appliances and use that foothold to infiltrate its IT environment. Mandiant has attributed abuse of the bugs to a suspected espionage group, UNC5221, and has seen in-the-wild attacks as early as December. The attackers primarily used hijacked Cyberoam VPN appliances as command-and-control servers and deployed several pieces of bespoke malware to maintain persistence and avoid detection. Mandiant's investigation is ongoing, and the victim count is likely to keep growing as organizations discover their compromised devices.