Subj : Ivanti VPN security flaws are being attacked again by Chinese hac
To   : All
From : TechnologyDaily
Date : Thu Feb 29 2024 15:45:06

Ivanti VPN security flaws are being attacked again by Chinese hackers

Date: Thu, 29 Feb 2024 15:37:56 +0000
Description: Users are urged to disinfect Ivanti VPN devices and apply the patches immediately.

FULL STORY
======================================================================

The recently discovered Ivanti VPN security flaws are still being abused, researchers say, with Chinese hackers now taking advantage of the vulnerabilities to deploy malware.

Cybersecurity researchers from Google-owned Mandiant report that the Chinese group UNC5325 combines living-off-the-land techniques, used to avoid detection on the devices, with novel malware. This malware, the researchers say, can survive factory resets, system upgrades, and patches.

Unsupported OS and other woes

To achieve this, the attackers gained a nuanced understanding and significant knowledge of the Ivanti Connect Secure appliance. Users should take action immediately to ensure protection if they haven't done so already, Mandiant says, pointing users to Ivanti's latest security advisory. Users should also run Ivanti's new external integrity checker and follow Mandiant's updated hardening guide.

The researchers also said there is a possibility that a second threat actor, tracked as UNC3886, is jumping on the bandwagon. Some reports place this actor under the command of the Chinese government, while others argue that UNC5325 and UNC3886 are the same entity.

In early January 2024, Ivanti disclosed a critical remote code execution (RCE) vulnerability in one of its products, which could allow threat actors to drop all kinds of malware.
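Mandiant's warning above, that the implant survives patches and factory resets and that operators should run the external integrity checker, turns into a simple triage rule for anyone running a fleet of these appliances: a box that was reachable from the internet while still on a vulnerable build needs an integrity check and a rebuild, not just the patch. The Python below is an added example, not Ivanti's or Mandiant's code. The fixed build number, the exploitation start date and the inventory are constructed assumptions; the version parser follows the `9.1.18.2-24467.1` shape quoted in the article.

```python
"""Triage Ivanti Connect Secure appliances: patch-only versus check-and-rebuild.

Added example, not Ivanti's or Mandiant's code. The fixed build, the
exploitation start date and every appliance record are constructed for
illustration; substitute the build from Ivanti's advisory and your own
inventory.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumption: the build Ivanti's advisory lists as fixed (hypothetical value).
FIXED_VERSION = "9.1.18.3-24500.1"

# Assumption: earliest date the flaw is known to have been exploited.
# The article only says Ivanti disclosed the bug in early January 2024.
EXPLOITED_SINCE = date(2024, 1, 10)

# Matches the "9.1.18.2-24467.1" shape quoted in the article: a dotted
# release number, then an optional "-build" suffix.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+(?:\.\d+)*))?$")


def parse_version(s: str) -> tuple[tuple[int, ...], tuple[int, ...]]:
    """'9.1.18.2-24467.1' -> ((9, 1, 18, 2), (24467, 1)); build may be empty."""
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    release = tuple(int(x) for x in m.group(1).split("."))
    build = tuple(int(x) for x in m.group(2).split(".")) if m.group(2) else ()
    return release, build


def is_patched(version: str) -> bool:
    """True only if the running build is at or above FIXED_VERSION.

    A version with no build suffix sorts below the same release with a
    suffix, so a bare "9.1.18.3" is not accepted: confirm the build number.
    """
    return parse_version(version) >= parse_version(FIXED_VERSION)


@dataclass
class Appliance:
    name: str
    version: str
    internet_facing: bool
    patched_on: Optional[date]  # date the fixed build was applied; None if never


def triage(a: Appliance) -> str:
    """Return 'patch', 'rebuild-then-patch', 'verify' or 'ok' for one appliance."""
    if not is_patched(a.version):
        # Still vulnerable. An internet-facing box has been reachable for the
        # whole exploitation window, so assume compromise: run the external
        # integrity checker, rebuild from clean media, then patch.
        return "rebuild-then-patch" if a.internet_facing else "patch"
    if not a.internet_facing:
        return "ok"
    if a.patched_on is None or a.patched_on >= EXPLOITED_SINCE:
        # Patched, but exposed while unpatched during the window. The patch
        # does not evict an implant placed earlier, so verify integrity and
        # rebuild if the check fails.
        return "verify"
    return "ok"


def triage_fleet(fleet: list[Appliance]) -> dict[str, str]:
    """Map appliance name to the action it needs."""
    return {a.name: triage(a) for a in fleet}


# Constructed inventory (not real hosts). The first version string is the one
# Eclypsium analysed; the others are made up.
SAMPLE_FLEET = [
    Appliance("vpn-dmz-1", "9.1.18.2-24467.1", True, None),
    Appliance("vpn-lab-1", "9.1.18.2-24467.1", False, None),
    Appliance("vpn-dmz-2", "9.1.18.3-24500.1", True, date(2024, 2, 2)),
    Appliance("vpn-dmz-3", "9.1.18.3-24500.1", True, date(2024, 1, 5)),
    Appliance("vpn-corp-1", "9.1.18.3-24500.1", False, date(2024, 2, 2)),
]

if __name__ == "__main__":
    for name, action in triage_fleet(SAMPLE_FLEET).items():
        print(f"{name:12s} {action}")
```

The ordering matters: an internet-facing appliance still on a vulnerable build is treated as compromised until the integrity checker says otherwise, and a device patched after the exploitation window opened is only as clean as its last integrity check, which is the point the article makes about patches applied after an intrusion.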
Soon after, all hell broke loose for Ivanti, as it discovered a handful of additional vulnerabilities that were being exploited on a massive scale by threat actors from all over the world.

A subsequent investigation found that Ivanti had built the product on CentOS 6.4, an operating system that had been unsupported for years at that point: "Pulse Secure runs an 11-year-old version of Linux which hasn't been supported since November 2020," security analysts from Eclypsium said in a report analyzing firmware version 9.1.18.2-24467.1.

In early February, the US government told its agencies using Ivanti Connect Secure and Ivanti Policy Secure to disconnect these products immediately and not bring them back online until they are certain the devices have been properly patched and their networks cleared of any intruders.

The patches Ivanti released are effective, but only if they were applied before any intrusion. If a threat actor established persistence on an appliance beforehand, applying the fix alone will not remove them.

======================================================================
Link to news story: https://www.techradar.com/pro/security/ivanti-vpn-security-flaws-are-being-attacked-again-by-chinese-hackers

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)