CCTR.15.April.24
More Ivanti bugs and PWNing Satellite operation centers
🔹Ivanti has issued security updates to fix four vulnerabilities affecting Connect Secure and Policy Secure Gateways, which could potentially lead to code execution and denial-of-service (DoS) attacks. These vulnerabilities impact all supported versions. As of now, there have been no reported attacks exploiting these vulnerabilities in the wild. However, it's worth noting that earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) cautioned about 🐼 hi threat actors targeting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Additionally, CISA itself was hacked using one of them. Ref

🔹The Korean National Satellite Operations Center 🛰️ was targeted in a cyber attack late last year, prompting an investigation by the Korean National Intelligence Service. This incident poses significant risks of satellite control manipulation and data theft. It has been confirmed that a multipurpose practical satellite, serving as a reconnaissance satellite, and a public satellite were compromised during this attack. The full extent of the compromise remains unknown (cough!!🤫). Considering the high value of satellite data in both the space industry and national security, such breaches are of utmost concern. Ref

🔹Threat actors often target home users because, unlike enterprises, they lack the resources and knowledge to defend against attacks. Despite smaller financial gains compared to corporate targets, individual victims possess valuable data such as credit cards, personal information, and their corporate system credentials. Proofpoint observed the distribution of information-stealing malware, such as Vidar, StealC, and Lumma Stealer, via YouTube. Malicious videos, disguised as pirated software or game cracks, lead users to malware-infected links. These videos often target younger users with popular games, exploiting their vulnerability. Ref

🔹WordPress and Magento CMS are popular e-commerce platforms, which unfortunately makes stores built on them prime targets for cyber attackers. In this recent campaign, malicious code disguised as a Google Analytics script is used to infect WordPress websites. Once activated, the malicious script performs potentially harmful activities such as credit card theft, data theft, unauthorized access, or spreading more malware. Attackers commonly use this tactic to hide the true nature of the code. It is crucial for 🇦🇺Australian e-commerce organisations to exercise caution against such abuses. Ref