Security News > 2024 > January > Ivanti Connect Secure zero-days now under mass exploitation
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation.
While Ivanti is yet to release patches for these two actively exploited zero-days, admins are advised to apply mitigation measures provided by the vendor on all ICS VPNs on their network.
As Ivanti disclosed last week, attackers can run arbitrary commands on all supported versions of ICS VPN and IPS appliances when successfully chaining the two zero days.
Thinspool Dropper: custom shell script dropper that writes the Lightwire web shell onto Ivanti CS, securing persistence.
Ivanti warns of Connect Secure zero-days exploited in attacks.
Ivanti Connect Secure zero-days exploited to deploy custom malware.
News URL
Related news
- CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products (source)
- Zero-day exploitation surged in 2023, Google finds (source)
- MITRE says state hackers breached its network via Ivanti zero-days (source)
- MITRE breached by nation-state threat actor via Ivanti zero-days (source)
- New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation (source)