Subj : VPN users beware security flaws are being exploited to spread d
To : All
From : TechnologyDaily
Date : Wed Jan 31 2024 20:15:05

VPN users beware security flaws are being exploited to spread dangerous malware

Date: Wed, 31 Jan 2024 20:02:23 +0000

Description: Ivanti VPN tools are being abused to drop malware and in some cases even cryptominers.

FULL STORY
======================================================================

Users of Ivanti's Connect Secure (ICS) virtual private network (VPN) devices beware - the solutions carry two high-severity vulnerabilities that are being chained together to deliver the Sliver malware.

First things first - the two vulnerabilities being abused here are tracked as CVE-2023-46805 and CVE-2024-21887. The former carries a severity score of 8.2, the latter 9.1. Researchers from Volexity first spotted the two being abused in early December 2023, claiming that Chinese state-sponsored threat actors exploited them as zero-days.

Now, some hacking collectives appear to be using the flaws to first deliver KrustyLoader, a payload dropper written in Rust. Synacktiv researchers say that KrustyLoader's goal is to download Sliver from a remote server and run it on the compromised endpoint. Sliver, on the other hand, is an open-source, cross-platform post-exploitation framework written in the Go language. Some use it as an alternative to Cobalt Strike, it was said.

More bugs to patch

The trend first emerged in mid-2022, when BleepingComputer reported on hackers dropping the Cobalt Strike penetration testing suite in favor of similar but lesser-known frameworks. These include not just Sliver, but also Brute Ratel, Viper, Meterpreter, and Havoc. Apparently, hackers started ditching Cobalt Strike because their targets had set up stronger defenses against it. Sliver was developed by a cybersecurity firm called BishopFox.

The patch for the two flaws is not yet available, it was said, but Ivanti did release a temporary mitigation via an XML file.

Besides Sliver, some hackers are apparently using these vulnerabilities to install XMRig on the vulnerable endpoints. XMRig is a cryptojacker that hijacks the device's computing power and quietly mines the Monero cryptocurrency for the attackers. "Quietly" is a stretch, however, as miners consume so much computing power that it is hard not to notice the device performing poorly.

Via The Hacker News

======================================================================
Link to news story: https://www.techradar.com/pro/security/vpn-users-beware-security-flaws-are-being-exploited-to-spread-dangerous-malware

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)