TLDR: The number of organizations compromised by zero-day bugs in Ivanti products is growing, according to Mandiant’s threat intelligence team. The vulnerabilities in Ivanti Connect Secure and Policy Secure gateways were disclosed by Ivanti and were already being exploited at the time of disclosure. The victim count, initially reported as fewer than 10, has since increased. Neither flaw currently has a patch; Ivanti hopes to start rolling out patches in late January. Chained together, the vulnerabilities allow unauthenticated remote code execution, meaning attackers can take control of an organization’s Ivanti network appliances and use that foothold to move into its IT environment. Mandiant has attributed abuse of the bugs to a suspected espionage team, UNC5221, and has seen in-the-wild attacks as early as December. The attackers primarily used hijacked Cyberoam VPN appliances as command-and-control servers, and deployed several pieces of bespoke malware to maintain persistence and evade detection. Mandiant’s investigation is ongoing, and the victim count is likely to keep growing as organizations discover their compromised devices.
Ivanti’s zero-day victims increase; Mandiant adds valuable insights
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-97.png)