Feb. 5, 2024, 1:26 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Authors: David Brown and Mungomba Mulenga


TL;DR


NCC Group has observed what we believe to be the attempted exploitation of CVE-2021-42278 and CVE-2021-42287 as a means of privilege escalation, following the successful compromise of an Ivanti Secure Connect VPN using the following zero-day vulnerabilities reported by Volexity [1] on 10/01/2024:

  • CVE-2023-46805 – an authentication-bypass vulnerability with a CVSS score of 8.2
  • CVE-2024-21887 – a command-injection vulnerability found in multiple web components with a CVSS score of 9.1

By combining these vulnerabilities …
