home.social

#connectsecure — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #connectsecure, aggregated by home.social.

  1. 🚨 April 2025 Vulnerability Report is out! 🚨

    👉 vulnerability-lookup.org/2025/

    The most prominent vulnerabilities affect the following products:

    - #Ivanti / #ConnectSecure
    - #Erlang / OTP
    - #SAP / SAP NetWeaver

    The Continuous Exploitation section highlights several resurgent vulnerabilities (recently exploited at a high rate).

    💻 NISDUC Conference

    #VulnerabilityLookup will be presented during the fourth #NISDUC conference.

    👉 nisduc.eu

    #CyberSecurity #Vulnerability #opensource

  2. MITRE disclosed that one of their research and development networks was compromised by a foreign nation-state threat actor in January 2024 using Ivanti Connect Secure zero-days CVE-2023-46805 and CVE-2024-21887. Networked Experimentation, Research, and Virtualization Environment (NERVE) is a collaborative network used for research, development, and prototyping. MITRE included a timeline, observed TTP methods (mapped out to MITRE ATT&CK techniques cc: @howelloneill) and their incident response actions. No IOC provided. 🔗 mitre.org/news-insights/news-r and medium.com/mitre-engenuity/adv h/t @reverseics

    cc: @campuscodi @briankrebs

    #MITRE #Ivanti #ConnectSecure #CVE_2023_46805 #CVE_2024_21887 #threatintel #cyberespionage

  3. Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 cloud.google.com/blog/topics/t

    EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at cloud.google.com/blog/topics/t

    #Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291

  4. Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 cloud.google.com/blog/topics/t

    EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at cloud.google.com/blog/topics/t

    #Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291

  5. Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 cloud.google.com/blog/topics/t

    EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at cloud.google.com/blog/topics/t

    #Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291

  6. Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 cloud.google.com/blog/topics/t

    EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at cloud.google.com/blog/topics/t

    #Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291

  7. Mandiant releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOC: 🔗 cloud.google.com/blog/topics/t

    EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at cloud.google.com/blog/topics/t

    #Ivanti #ConnectSecure #vulnerability #cyberespionage #China #activeexploitation #eitw #zeroday #KEV #CISA #CVE_2023_46805 #CVE_2024_21887 #CVE_2024_21893 #UNC5221 #UNC5266 #UNC5330 #UNC5337 #UNC5291

  8. I want to get off Mr. Ivanti's wild ride: security advisory for Ivanti Connect Secure and Ivanti Policy Secure: 🔗 forums.ivanti.com/s/article/SA and blog post: ivanti.com/blog/security-updat

    • CVE-2024-21894 (8.2 high) heap overflow leads to Denial of Service (DoS), and sometimes arbitrary code execution
    • CVE-2024-22052 (7.5 high) null pointer dereference causes DoS
    • CVE-2024-22053 (8.2 high) heap overflow leads to DoS or information disclosure
    • CVE-2024-22023 (5.3 medium) XML entity expansion (XEE) causes a limited-time DoS

    We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.

    #Ivanti #ConnectSecure #PolicySecure #vulnerability #CVE_2024_21894 #CVE_2024_22052 #CVE_2024_22053 #CVE_2024_22023

  9. Soooo ... that integrity checker tool that Ivanti wants customers to use to detect compromise? It doesn't scan more than a dozen directories including /data, /etc, /tmp, and /var. As a test of what was possible, @n0x08 installed the Sliver C2 tool in /data and ran the integrity checker tool and it passed. Patched Ivanti VPNs could very well still be compromised even if the integrity checker tool gave them an all-clear.

    We also found numerous extremely old software packages, including a Linux kernel that was EOL in 2020 (CentOS 6.4). Yikes!

    eclypsium.com/blog/flatlined-a

    #ivanti #connectsecure #connectaround

  10. Agencies using vulnerable Ivanti products have until Saturday to disconnect them - Enlarge (credit: Getty Images)

    Federal civilian agencies have ... - arstechnica.com/?p=2000723 #connectsecure #security #zerodays #biz#ivanti #cisa