Ivanti bugs are still being targeted by Chinese hackers, Google warns

News Snapshot:

Hackers are still abusing multiple vulnerabilities in Ivanti products, which were discovered and patched early this year. Among them is Volt Typhoon, an infamous Chinese-backed hacking collective, warned cybersecurity researchers from Google-owned Mandiant, reporting “multiple clusters of activity” surrounding CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. These three flaws, affecting Ivanti Connect Secure and Ivanti Policy Secure gateways, were discovered early this year, after Ivanti warned of multiple hacking groups abusing them to take over vulnerable devices. Dropping malware and cryptominers Soon after, the US Cybersecurity and Infrastructure Security Agency (CISA) warned government agencies to patch the flaws immediately, as they were being...