"Ivanti Security Alert: New Malware Exploits VPN Flaws"
Originally Published 1 year ago — by CISA
The Cybersecurity and Infrastructure Security Agency (CISA) and its partners have issued a joint advisory warning that cyber threat actors are actively exploiting multiple vulnerabilities in Ivanti Connect Secure and Policy Secure gateways. The vulnerabilities allow threat actors to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. They affect all supported versions and can enable threat actors to maintain root-level persistence despite factory resets. Organizations are urged to assume that credentials are compromised, hunt for malicious activity, run Ivanti’s external Integrity Checker Tool, apply patching guidance, and report potential compromises to relevant authorities. The advisory also provides technical details, indicators of compromise, detection methods, incident response recommendations, mitigations, and reporting instructions.