- CISA and the FBI issue a new warning about old Ivanti flaws
- They say the flaws are being abused in coordinated attacks
- The bugs were fixed in September and October 2024, so update now
Security flaws in Ivanti Cloud Service Appliance (CSA) that were discovered and patched in September and October 2024 are still being used to breach networks, according to a new security advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI.
In the advisory, the two agencies say threat actors are chaining four vulnerabilities in two separate chains: CVE-2024-8963 with CVE-2024-8190 in one, and CVE-2024-9379 with CVE-2024-9380 in the other.
“Threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victims’ networks,” the two agencies said.
Compromised credentials
All of these flaws were abused as zero-days, and at the time CISA added them to its Known Exploited Vulnerabilities (KEV) catalog, which forced federal agencies to patch them within three weeks. It is therefore safe to assume that most new victims belong to the private sector.
The agencies have once again reiterated their earlier calls to update and urged network administrators to watch for signs of compromise.
“Credentials and confidential data stored within the affected Ivanti devices must be considered compromised,” they added. “Organizations must collect and analyze logs and artifacts for malicious activity and apply the incident response recommendations contained in this advisory.”
Ivanti is an American IT software company that specializes in IT security, service management, asset management and more. In 2023, Ivanti employed approximately 3070 people, and it says that more than 40,000 organizations worldwide use its services.
In 2024, Ivanti experienced several cybersecurity incidents, including a January 2024 report indicating that Chinese state-sponsored hackers used its software to attack organizations. One of those groups is tracked as UNC5221 and is believed to have compromised thousands of Ivanti VPN devices, with CISA being one of the victims.
Via BleepingComputer