CISA Warns of Critical Tigo Energy Cloud Connect Advanced Flaws

Urgent CISA Alert: Ivanti Vulnerabilities Under Active Attack By Reuters – February 2, 2024 The United States Cybersecurity and Infrastructure Security Agency (CISA) released a special emergency directive over an active exploitation of critical vulnerabilities found within the products offered by Ivanti. It is urging federal agencies as well as private organizations to take immediate steps to prevent any possible attacks.

What Happened? CISA has verified reports indicating that multiple threat actors are taking advantage of vulnerabilities within two popular VPN and network solutions from Ivanti called Connect Secure and Policy Secure. There have been numerous successful exploitations with malware being dropped, credentials stolen, and persistence established on compromised systems.

Federal agencies, critical infrastructure operators, and private enterprises that use Ivanti’s affected products are at risk. CISA’s directive specifically requires federal agencies to implement mitigation measures within 48 hours. The alert was issued on February 1, 2024, whereby attacks had reportedly been discovered as early as January 2024.

This exploitation seems to be happening all over the world against government and corporate networks. These are significant vulnerabilities because they permit attackers to bypass authentication, execute arbitrary commands, and take full control of the systems under attack with three CVE identifiers: CVE-2023-46805; CVE-2024-21887; and CVE-2024-21893. While patches were released by Ivanti, delayed updates have left numerous networks vulnerable.

Under the order of CISA, federal agencies must: take offline affected Ivanti products until patched. conduct threat hunting for indicators of compromise. report incidents to CISA immediately. Private organizations are strongly encouraged to follow the same measures. The FBI and all international cybersecurity agencies have been informed and are monitoring the threat.