Found 4 bookmarks
Custom sorting
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
On April 10, 2024, Volexity identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring (NSM) customers. Volexity received alerts regarding suspect network traffic emanating from the customer’s firewall. A subsequent investigation determined the device had been compromised. The following day, April 11, 2024, Volexity observed further, identical exploitation at another one of its NSM customers by the same threat actor.
#volexity#EN#2024#Zero-Day#Exploitation#RCE#GlobalProtect#CVE-2024-3400
·volexity.com·
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
Volexity regularly prioritizes memory forensics when responding to incidents. This strategy improves investigative capabilities in many ways across Windows, Linux, and macOS. This blog post highlights some specific ways memory forensics played a key role in determining how two zero-day vulnerabilities were being chained together to achieve unauthenticated remote code execution in Ivanti Connect Secure VPN devices.
#volexity#EN#2024#Ivanti#Connect#Secure#VPN#Zero-Day#Vulnerabilities
·volexity.com·
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
Ivanti Connect Secure VPN Exploitation: New Observations
Ivanti Connect Secure VPN Exploitation: New Observations
On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning and exploitation by threat actors using still non-public exploits to compromise numerous devices. Subsequently, Volexity has observed an increase in attacks from various threat actors against Ivanti Connect Secure VPN appliances beginning the same day.
#volexity#EN#2024#CVE-2023-46805#CVE-2024-21887#Ivanti#Observations
·volexity.com·
Ivanti Connect Secure VPN Exploitation: New Observations
Ivanti Connect Secure VPN Exploitation Goes Global
Ivanti Connect Secure VPN Exploitation Goes Global
On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these vulnerabilities. Since publication of these details, Volexity has continued to monitor its existing customers for exploitation. Volexity has also been contacted by multiple organizations that saw signs of compromise by way of mismatched file detections. Volexity has been actively working multiple new cases of organizations with compromised ICS VPN appliances.
#volexity#EN#2024#CVE-2024-21887#CVE-2023-46805#Ivanti#Connect#Secure#Exploitation#mass-exploitation
·volexity.com·
Ivanti Connect Secure VPN Exploitation Goes Global