CISA is now warning government agencies to patch Ivanti flaws immediately
Date:
Mon, 22 Jan 2024 17:09:26 +0000
Description:
Ivanti flaws are being abused en masse, researchers are warning, to run arbitrary code on vulnerable endpoints.
FULL STORY ======================================================================
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning government agencies to patch recently discovered Ivanti flaws immediately, as they're being used in the wild to compromise vulnerable endpoints.
CISA's alert warns Federal Civilian Executive Branch (FCEB) agencies of two flaws: CVE-2023-46805 (authentication bypass), and CVE-2024-21887 (code injection).
The vulnerabilities were found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS), and allow threat actors to run arbitrary commands on the endpoints.
Thousands of victims
Since January 11 this year, a sharp increase in attacks was observed, CISA warned. Government agencies don't seem to be exclusive targets, though, as researchers observed organizations being targeted indiscriminately. Both small businesses and some of the world's largest organizations, operating in different industries including aerospace, banking, defense, and government, all fell prey so far.
"Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems," the agency said.
Ivanti has yet to release a patch for the flaws, the report says. In the meantime, it released mitigation measures which include importing an XML file into affected products, thus making the necessary reconfigurations.
Furthermore, CISA said businesses should first run an External Integrity Checker Tool to see if their endpoints were compromised. If any signs of foul play are found, the devices need to be disconnected, reset, and then have the XML file introduced. Also, FCEB agencies need to revoke and reissue certificates, reset admin credentials, store API keys, and reset local user passwords.
The zero-days were first spotted being abused in December last year, by a Chinese state-sponsored threat actor tracked as UTA0178. Since then, the group successfully breached more than 2,000 devices all over the world, and used the advantage to install passive backdoors and deploy web shells.
Via TheHackerNews
======================================================================
Link to news story:
https://www.techradar.com/pro/security/cisa-is-now-warning-government-agencies-to-patch-ivanti-flaws-immediately
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)