1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • CISA confirms it was breached by attackers using Ivanti flaws, so

    From TechnologyDaily@1337:1/100 to All on Mon Mar 11 17:30:05 2024
    CISA confirms it was breached by attackers using Ivanti flaws, some systems taken offline

    Date:
    Mon, 11 Mar 2024 17:27:27 +0000

    Description:
    Two major systems were breached, admits CISA in possibly significant security failing.

    FULL STORY ======================================================================

    One of the organizations compromised through a recently-discovered flaw in Ivanti products was, ironically enough, the US government's Cybersecurity and Infrastructure Security Agency (CISA).

    Confirmation of the breach came from CISA itself, as well as from an
    anonymous source with knowledge of the situation, with a CISA spokesperson telling The Record the organization identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses.

    The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time, the spokesperson said. As they shared no further
    details, the publication spoke to an anonymous source familiar with the matter, who claimed that the systems breached, and subsequently turned off, included the Infrastructure Protection (IP) Gateway, and the Chemical
    Security Assessment Tool (CSAT). Ivanti's 2024 woes

    The former holds critical information about the interdependency of U.S. infrastructure, while the latter holds private sector chemical security
    plans. CSAT holds some of the countrys most sensitive industrial information, the publication further claimed, saying that includes the Top Screen tool for high-risk chemical facilities, Site Security Plans, and the Security Vulnerability Assessment.

    Unfortunately, we dont know if this was a ransomware attack, and if the attackers actually stole any of the sensitive data allegedly stored on these endpoints. Furthermore, the identity of the attacks is also unknown, but if
    it was ransomware, its most likely either LockBit, BlackCat (ALPHV), or Cl0p.

    News of security flaws in Ivanti products first broke in early January 2024, when the company announced addressing a critical vulnerability in its
    Endpoint Management Software (EPM), allowing for remote code execution (RCE). In the weeks to come, Ivanti found a handful of additional flaws, which were later found to be abused en-masse, by different threat actors looking to deploy various malware and infostealers. More from TechRadar Pro Ivanti fixes critical security flaw that could let hackers hijack work devices, so patch now Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cisa-confirms-it-was-breached-by-attack ers-using-ivanti-flaws-some-systems-taken-offline


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)