- September 02, 2025: People's Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally.https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a?utm_source=SaltTyphoon&utm_medium=GovDelivery
- June 25, 2024: Skibidi Botnet Malware targets Ivanti Connect Secure Vulnerability (CVE-2024-21887)https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services
- February 29, 2024: CISA released a Cybersecurity Advisory on Threat Actors Exploiting Vulnerabilities in Ivanti Connect Secure and Policy Secure Gatewayshttps://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b/nz
- February 13, 2024: A new report by Orange Cyberdefense shows attackers using CVE-2024-21893 to install a new backdoor named DSLog. Please note, this is an ongoing investigation and as the situation is evolving, FortiGuard Labs will update and add new protections accordingly.https://www.orangecyberdefense.com/fileadmin/general/pdf/Ivanti_Connect_Secure_-_Journey_to_the_core_of_the_DSLog_backdoor.pdf
- February 09, 2024: Ivanti disclosed a fifth vulnerability- CVE-2024-22024 (XXE) for ICS and Ivanti Policy Secure.https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
- February 01, 2024: Ivanti identified additional vulnerabilities in ICS and Ivanti Policy Secure, and Ivanti Neurons for ZTA. CVE-2024-21888 allows for privilege escalation and CVE-2024-21893 is a server-side request forgery in the SAML component which allows a threat actor to access certain restricted resources without authentication. Vendor mentions in the advisory that CVE-2024-21893 appears to be seen in some targeted attacks and expects an increase in the attacks. CVE-2024-21893 has also been added to CISA's known exploited vulnerability catalog (KEV).
- January 22, 2024: Ivanti plans to begin releasing patches addressing these vulnerabilities on a schedule. Until patches are available, Ivanti has provided a workaround for the users to mitigate exploitation riskshttps://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways
- January 19, 2024: CISA released a Cybersecurity Advisory on Threat Actors Exploiting Vulnerabilities in Ivanti Connect Secure and Policy Secure Gatewayshttps://www.cisa.gov/news-events/directives/ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure-vulnerabilities
Countermeasures across the security fabric for protecting assets, data and network from cybersecurity events:
Detects known malware related to the Outbreak
Detects known malware related to the Outbreak
Find and correlate important information to identify an outbreak, the following updates are available to raise alert and generate reports:
Develop containment techniques to mitigate impacts of security events:
Services that can automaticlly respond to this outbreak.
Experts to assist you with analysis, containment and response activities.
Improve security posture and processes by implementing security awareness and training, in preparation for (and recovery from) security incidents:
Train your network and security professionals and optimize your incident response to stay on top of the cyberattacks.
Raise security awareness to your employees that are continuously being targeted by phishing, drive-by download and other forms of cyberattacks.
Identify processes and assets that need protection:
Check Security Fabric devices to build actionable configuration recommendations and key indicators.
Learn more about FortiGuard Outbreak Alerts
