Security News > 2024 > January > Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware
2024-01-31 07:23
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused
News URL
https://thehackernews.com/2024/01/chinese-hackers-exploiting-critical-vpn.html
Related news
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine (source)
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers leak configs and VPN credentials for 15,000 FortiGate devices (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2024-21887 | Command Injection vulnerability in Ivanti Connect Secure and Policy Secure A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | 9.1 |
| 2024-01-12 | CVE-2023-46805 | Improper Authentication vulnerability in Ivanti Connect Secure and Policy Secure An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | 8.2 |