Jan. 11, 2024, 1 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

In mid-December 2023, researchers at Volexity identified suspicious activity within a client’s network. Their investigation uncovered the deployment of webshells on various internal and external web servers, traced back to the organization’s Ivanti Connect Secure (ICS) VPN appliance.


Upon inspecting the Ivanti Connect Secure VPN appliance, researchers found that its logs had been wiped and logging had been disabled, and that the suspicious activity dated back to December 3, 2023.


Subsequent findings confirmed the use of an exploit chain, leveraging zero-day vulnerabilities identified as CVE-2023-46805 …
