The CISA and FBI report alarming ongoing exploitation of vulnerabilities in Ivanti Cloud Service Appliances, specifically CVE-2024-8963 and CVE-2024-8190. Despite patches being issued in September, attackers leverage these flaws to infiltrate networks. The vulnerabilities consist of significant issues such as remote code execution and SQL injections, prompting CISA to include them in its list of exploited vulnerabilities. In light of this, agencies are urged to upgrade systems and monitor for compromised credentials, while the involvement of a Chinese hacker group suggests a continued risk to cybersecurity.
CISA and the FBI report that attackers are exploiting Ivanti Cloud Service Appliances' vulnerabilities despite patches issued, urging network admins to secure devices immediately.
The vulnerabilities, particularly CVE-2024-8963 and CVE-2024-8190, facilitate attacks, leading CISA to advise federal agencies to enhance their cybersecurity measures.
Collection
[
|
...
]