simontsui, to random

watchTowr reports additional zero-days uncovered on a fully patched Ivanti appliance. No further information due to 90 day vulnerability disclosure policy.


cc: @todb @ntkramer @campuscodi @serghei @dangoodin @catc0n
CVE_2024_21893

YourAnonRiots, to chinese Japanese

⚠️ Warning - #Chinese espionage group #UNC5221 attacking Ivanti Connect Secure VPN & Policy Secure devices, and using custom web shells like BUSHWALK, CHAINLINE, FRAMESTING, and LIGHTWIRE variant.

https://thehackernews.com/2024/02/warning-new-malware-emerges-in-attacks.html

Patch ASAP!

#cybersecurity #hacking

simontsui, to random

Just your periodic update from Ivanti regarding their CVE-2023-46805 (8.2 high) and CVE-2024-21887 (9.1 critical) zero-days (both disclosed 10 January 2024 as exploited in the wild, has Proofs of Concept, mass exploitation):

"Update 26 January: The targeted release of patches for supported versions is delayed, this delay impacts all subsequent planned patch releases. We are now targeting next week to release a patch for Ivanti Connect Secure (versions 9.1R17x, 9.1R18x, 22.4R2x and 22.5R1.1), Ivanti Policy Secure (versions 9.1R17x, 9.1R18x and 22.5R1x) and ZTA version 22.6R1x.
Patches for supported versions will still be released on a staggered schedule. Instructions on how to upgrade to a supported version will also be provided.
The timing of patch release is subject to change as we prioritize the security and quality of each release. Please ensure you are following this article to receive updates as they become available."
🔗 https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

simontsui, to random

CISA issues Emergency Directive 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities in response to CVE-2023-46805 (8.2 high, disclosed by Ivanti on 10 January 2024 as exploited zero-days) authentication bypass in Ivanti Connect Secure VPN Version 9.x and 22.x and CVE-2024-21887 (9.1 critical) command injection in Ivanti Connect Secure VPN Version 9.x and 22.x

🔗 https://www.cisa.gov/news-events/directives/ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure-vulnerabilities

simontsui,

CISA released supplemental directions for Emergency Directive 24-01 Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities. This assumes anyone running Ivanti Connect Secure or Ivanti Policy Secure solutions have been compromised and the remediation steps include isolating the device from resources, continue threat hunting, performing a factory reset, applying the patch, etc.
🔗 https://www.cisa.gov/news-events/directives/ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure-vulnerabilities#SupplementalDirectionV1

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • mdbf
  • ngwrru68w68
  • tester
  • magazineikmin
  • thenastyranch
  • rosin
  • khanakhh
  • InstantRegret
  • Youngstown
  • slotface
  • Durango
  • kavyap
  • DreamBathrooms
  • megavids
  • tacticalgear
  • osvaldo12
  • normalnudes
  • cubers
  • cisconetworking
  • everett
  • GTA5RPClips
  • ethstaker
  • Leos
  • provamag3
  • anitta
  • modclub
  • lostlight
  • All magazines