Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. Researchers from cybersecurity firm Synacktiv published […]

breaking news bugs connect cve cve-2023-46805 cve-2024-21887 cyber crime deploy devices exploit exploiting flaws hacking ics information security news it information security ivanti ivanti connect secure ivanti connect secure (ics) vpn ivanti vpn january january 2024 krustyloader malware pierluigi paganini policy security software threat threat actors vpn vulnerabilities zero-day zero-day flaws zero-day vulnerabilities