HomeCyber BalkansCISA Issues Warning About Hackers Exploiting Ivanti VPN Vulnerability

CISA Issues Warning About Hackers Exploiting Ivanti VPN Vulnerability

Published on

spot_img

Hackers have been actively exploiting vulnerabilities in Ivanti VPN, a popular tool used to secure sensitive data and communications. The Cybersecurity and Infrastructure Security Agency (CISA), along with several partner organizations, recently issued a warning regarding the exploitation of multiple vulnerabilities in Ivanti VPN. These vulnerabilities, identified as CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893, allow threat actors to bypass authentication, execute commands, and evade detection on Ivanti gateways.

The Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), United Kingdom National Cyber Security Centre (NCSC-UK), Canadian Centre for Cyber Security (Cyber Centre), New Zealand National Cyber Security Centre (NCSC-NZ), and CERT-New Zealand (CERT NZ) are among the agencies that have issued warnings about these vulnerabilities. These organizations have urged network defenders to be proactive in hunting for malicious activity, updating their systems, and applying patches to mitigate the risks posed by these vulnerabilities.

CISA, in response to the Ivanti vulnerabilities, detected threat actors exploiting CVEs to implant web shells and harvest credentials. These threat actors used native Ivanti tools like freerdp and SSH for lateral movement within compromised networks, ultimately leading to full domain compromises. Despite efforts to detect compromise through integrity checking and forensic analysis, Ivanti’s ICT systems failed to identify the nefarious activities.

Organizations are advised to be cautious of rootkit-level persistence even after factory resets, as advanced threat actors can remain undetected for extended periods. Due to the significant risks posed by these vulnerabilities, it is recommended that enterprises reconsider their use of Ivanti Connect Secure and Policy Secure gateways in their environments.

To mitigate the risks associated with these vulnerabilities, cybersecurity experts recommend various steps, including choosing VPNs wisely, securing remote access tools, restricting outbound connections on SSL VPNs, using low-privilege accounts for LDAP bind in SSL VPNs, updating OS, software, and firmware regularly, and enforcing strong password policies. These measures are crucial in preventing unauthorized access and data breaches that could result from exploiting VPN flaws.

In conclusion, the exploitation of Ivanti VPN vulnerabilities highlights the ongoing threats posed by hackers to organizations’ cybersecurity. By staying vigilant, applying necessary patches, and following best practices recommended by cybersecurity experts, organizations can strengthen their defense against cyber attacks and protect their sensitive data and communications from unauthorized access.

Source link

Latest articles

Hackers Compromise IIS Server and Launch Ransomware Attack Within 24 Hours

--- In June 2026, cybersecurity experts uncovered a coordinated and sophisticated cyber intrusion that began...

Women’s Care and Pulmonary Sleep Breaches

In a concerning trend for healthcare security, two healthcare providers have publicly revealed data...

Citrix Secure Access Client Vulnerability Allows Low-Privileged Windows Users to Attain SYSTEM Privileges

Cloud Software Group has recently alerted users to significant vulnerabilities affecting both the Citrix...

Ransomware Disrupts Fairlife Dairy Production

Production Halted at Fairlife Dairy Facilities Following Ransomware Attack In a significant cybersecurity incident, Fairlife,...

More like this

Hackers Compromise IIS Server and Launch Ransomware Attack Within 24 Hours

--- In June 2026, cybersecurity experts uncovered a coordinated and sophisticated cyber intrusion that began...

Women’s Care and Pulmonary Sleep Breaches

In a concerning trend for healthcare security, two healthcare providers have publicly revealed data...

Citrix Secure Access Client Vulnerability Allows Low-Privileged Windows Users to Attain SYSTEM Privileges

Cloud Software Group has recently alerted users to significant vulnerabilities affecting both the Citrix...