• CISA, FBI warn re: Ivanti

    From Mike Powell@1:2320/105 to All on Fri Jan 24 10:50:00 2025
    Hackers are still using old Ivanti bugs to break into networks

    Date:
    Fri, 24 Jan 2025 14:03:00 +0000

    Description:
    CISA and FBI are urging network admins to pay attention to Ivanti updates.

    FULL STORY ======================================================================

    - CISA and FBI issue new warning about old Ivanti flaws
    - They claim the flaws are being abused in coordinated attacks
    - The bugs were patched in September and October 2024, so update now

    Security flaws in Ivanti Cloud Service Appliance (CSA) discovered and patched in September and October 2024 are still being used to breach networks, a new security advisory from the US Cybersecurity and Infrastructure Security
    Agency (CISA) and the FBI has warned.

    In the advisory, the two agencies claim threat actors are chaining together four vulnerabilities - two in one chain: CVE-2024-8963 and CVE-2024-8190,
    and two in another: CVE-2024-9379 and CVE-2024-9380.

    Threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant
    webshells on victim networks, the two agencies said.

    Compromised credentials

    All of these flaws were being abused while they were zero-days - and at the time, CISA added them to its catalog of exploited vulnerabilities (KEV), forcing federal agencies to patch up within three weeks. Therefore, it's safe
    to assume that the majority of the newer victims are in the private sector.

    The agencies have, once again, repeated their earlier calls for upgrades, and urged network administrators to be on the lookout for signs of compromise.

    "Credentials and sensitive data stored within the affected Ivanti appliances should be considered compromised," they added. "Organizations should collect and analyze logs and artifacts for malicious activity and apply the incident response recommendations within this advisory."

    Ivanti is an American IT software company, specializing in IT security,
    service management, asset management, and more. As of 2023, Ivanti employed approximately 3,070 people, and claims more than 40,000 organizations
    worldwide are using its services.

    In 2024, Ivanti experienced several cybersecurity incidents, including a January 2024 report indicating that Chinese government hackers used its software to target organizations. One such group is tracked as UNC5221, and
    was believed to have compromised thousands of Ivanti VPN devices, with CISA being among the victims.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hackers-are-still-using-old-ivanti-bugs-to-break-into-networks

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)