Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance

Omega Balla
The nation’s top cyber watchdogs urged federal agencies to either remove or upgrade an Ivanti appliance that is no longer being updated and has been exploited in attacks.

The nation’s top cyber watchdogs urged federal agencies to either remove or upgrade an Ivanti appliance that is no longer being updated and has been exploited in attacks. 

The technology company updated an advisory on Friday warning that a “limited number of customers” were breached through the exploitation of CVE-2024-8190. 

The bug was announced on Tuesday and effects Ivanti’s Cloud Service Appliance (CSA) — a tool that provides secure communication over the internet and acts as a center point for managed devices and central consoles are connected. 

Exploitation of the bug, which the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday as well, gives hackers “access to the device running the CSA.”

The advisory notes that CSA 4.6 is end-of-life and “no longer receives patches for OS or third-party libraries.” 

“Additionally, with the end-of-life status this is the last fix that Ivanti will backport for this version. Customers must upgrade to Ivanti CSA 5.0 for continued support,” they said. “CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already running Ivanti CSA 5.0 do not need to take any additional action.”

CISA ordered all federal civilian agencies to remove CSA 4.6. from service or upgrade to the 5.0. by October 4. 

Ivanti said users will know they are impacted by exploitation of the bug by looking to see if there are modified or newly added administrative users. They also urged customers to check security alerts if they have certain security tools involved. 

The issue arose one day after another Ivanti bug caused alarm among defenders. The company pledged a security overhaul in April after a cascade of headline-grabbing nation-state attacks broke through the systems of government agencies in the U.S. and Europe using vulnerabilities in Ivanti products.

CybercrimeGovernmentNewsNews BriefsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Largest crypto exchange in Indonesia pledges to reimburse users after $22 million theft

Next Post

‘Clipper’ malware is being used to steal crypto, Binance warns

Related Posts

Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique
Avatar
Read More

New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics

Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. "While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ
Avatar
Read More