Hackers are still using old Ivanti bugs to break into networks


  • CISA and FBI issue new warning about old Ivanti flaws
  • They claim the flaws are being abused in coordinated attacks
  • The bugs were patched in September and October 2024, so update now

Security flaws in Ivanti Cloud Service Appliance (CSA) that were discovered and patched in September and October 2024 are still being used to breach networks, a new security advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI has warned.

In the advisory, the two agencies claim threat actors are chaining together four vulnerabilities: CVE-2024-8963 and CVE-2024-8190 in one chain, and CVE-2024-9379 and CVE-2024-9380 in another.

“Threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victim networks,” the two agencies said.

Compromised credentials

All of these flaws were being abused while they were zero-days, and at the time CISA added them to its Known Exploited Vulnerabilities (KEV) catalog, forcing federal agencies to patch up within three weeks. Therefore, it’s safe to assume that the majority of the newer victims are in the private sector.

The agencies have, once again, repeated their earlier calls for upgrades, and urged network administrators to be on the lookout for signs of compromise.

"Credentials and sensitive data stored within the affected Ivanti appliances should be considered compromised," they added. "Organizations should collect and analyze logs and artifacts for malicious activity and apply the incident response recommendations within this advisory."

Ivanti is an American IT software company, specializing in IT security, service management, asset management, and more. As of 2023, Ivanti employed approximately 3,070 people, and claims more than 40,000 organizations worldwide are using its services.

In 2024, Ivanti experienced several cybersecurity incidents, including a January 2024 report indicating that Chinese government hackers used its software to target organizations. One such group is tracked as UNC5221, and was believed to have compromised thousands of Ivanti VPN devices, with CISA being among the victims.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
