Ivanti zero-day exploits explode as bevy of attackers get in on the act
There's a "reasonable chance" that Ivanti Connect Secure VPN users are already compromised if they didn't apply the vulnerability mitigation released last week, experts say.
The latest data from Volexity shows that successful exploits of two Ivanti zero-days have accelerated sharply to more than 1,700 devices.
Citing the new figures, Christopher Glyer, principal security researcher at Microsoft Threat Intelligence Center, said: "If you didn't apply Ivanti Connect Secure VPN mitigation on January 10, reasonable chance you were exploited - mass exploitation by same actor started on January 11 and compromised at least 1,700 devices."
Mandiant's report on January 11, a day after the initial disclosure, noted that fewer than 20 devices were compromised at the time, which underlines how quickly the attacks have escalated.
The new wave of attacks is hitting everything from small businesses to some of the largest organisations in the world, including multiple Fortune 500 companies, according to Volexity.
"The attacker used an identical webshell to that observed in the first incident investigated by Volexity, but they replaced the AES key used with a truncated UUID string," Volexity's researchers said.
News URL: https://go.theregister.com/feed/www.theregister.com/2024/01/16/ivanti_zeroday_exploits_explode_into/
Related news
- Exploit code for Palo Alto Networks zero-day now public
- MITRE says state hackers breached its network via Ivanti zero-days
- MITRE breached by nation-state threat actor via Ivanti zero-days
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
- Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)
- PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers