Kevin Beaumont on Nostr: ⚠️ want a highly impactful, actively exploited border gateway zero days situation ...
⚠️ want a highly impactful, actively exploited border gateway zero days situation to wake you up?
Ivanti Pulse Secure aka Ivanti Connect Secure and Ivanti Policy Secure Gateway customers - prepare to deploy mitigations and await follow on patches.
In the wild exploitation, probable nation state - includes authentication (including MFA) bypass and code execution.
Looks like Ivanti have done a really good job identifying.
I call it ConnectAround. #threatintel #connectaround
Published at
2024-01-10 16:18:40Event JSON
{
"id": "01e1996698a642a2f99e9f504215787ef514381f577021a63d4a32609cd8f58e",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1704903520,
"kind": 1,
"tags": [
[
"t",
"threatintel"
],
[
"t",
"connectaround"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/111732557100241084",
"activitypub"
]
],
"content": "⚠️ want a highly impactful, actively exploited border gateway zero days situation to wake you up?\n\nIvanti Pulse Secure aka Ivanti Connect Secure and Ivanti Policy Secure Gateway customers - prepare to deploy mitigations and await follow on patches. \n\nIn the wild exploitation, probable nation state - includes authentication (including MFA) bypass and code execution.\n\nLooks like Ivanti have done a really good job identifying.\n\nI call it ConnectAround. #threatintel #connectaround\n\nhttps://cyberplace.social/system/media_attachments/files/111/732/540/893/505/424/original/c8069590d0691ab4.png",
"sig": "0bf596d3a78a6126870709f40d2a993311c57e3d32fadef94b388377c572b19660a3bb14678d109e92f67eeb084823bc9bc87bbf252a219c747816c15408bf1d"
}
