Zero-Day Flaws in Ivanti VPN and NAC Appliances Exploited in Mass Attacks
GPU flaw could lead to big data theft, Credit card data for 15K in Oz stolen in attacks, Hackers want $11m from Spanish town, Hackers posted gruesome videos in UC-Irvine Discord groups, much more
Note bene: While Metacurity explores switching to alternative newsletter platforms, please know that whatever we do, you can always reach Metacurity at https://metacurity.com.
Check out my latest CSO column that pulls back the curtain on recently discovered Bluetooth flaws that leave keyboards vulnerable to injection attacks.
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation.
As discovered by Volexity in December, multiple threat groups chain the CVE-2023-46805 authentication bypass and the CVE-2024-21887 command injection vulnerabilities in widespread attacks starting January 11.
Volexity now says, "On Sunday, January 14, 2024, Volexity had identified over 1,700 ICS VPN appliances that were compromised with the GIFTEDVISITOR webshell. These appliances appear to have been indiscriminately targeted, with victims all over the world.”
The list of victims discovered by Vo…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.