Hackers are still using old Ivanti bugs to break into networks


  • CISA and FBI issue new warning about old Ivanti flaws
  • They claim the flaws are being abused in coordinated attacks
  • The bugs were patched in September and October 2024, so update now

Security flaws in Ivanti Cloud Service Appliance (CSA) discovered and patched in September and October 2024 are still being used to breach networks, a new security advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI has warned.

In the advisory, the two agencies claim threat actors are chaining together four vulnerabilities in two chains: CVE-2024-8963 and CVE-2024-8190 in one, and CVE-2024-9379 and CVE-2024-9380 in the other.

“Threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victim networks,” the two agencies said.

Compromised credentials

All of these flaws were being abused while they were zero-days. At the time, CISA added them to its Known Exploited Vulnerabilities (KEV) catalog, forcing federal agencies to patch up within three weeks. Therefore, it’s safe to assume that the majority of the newer victims are in the private sector.

The agencies have, once again, repeated their earlier calls for upgrades, and urged network administrators to be on the lookout for signs of compromise.

"Credentials and sensitive data stored within the affected Ivanti appliances should be considered compromised," they added. "Organizations should collect and analyze logs and artifacts for malicious activity and apply the incident response recommendations within this advisory."

Ivanti is an American IT software company, specializing in IT security, service management, asset management, and more. As of 2023, Ivanti employed approximately 3,070 people, and claims more than 40,000 organizations worldwide are using its services.

In 2024, Ivanti experienced several cybersecurity incidents, including a January 2024 report indicating that Chinese government hackers used its software to target organizations. One such group is tracked as UNC5221, and was believed to have compromised thousands of Ivanti VPN devices, with CISA being among the victims.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
