Security Flaws in Ivanti Connect Secure Devices Exploited to Deploy Mirai Botnet

Key Points:

• Two newly disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the notorious Mirai botnet, as per Juniper Threat Labs.
• The vulnerabilities, tagged as CVE-2023-46805 and CVE-2024-21887, are used to deliver the botnet payload.
• CVE-2023-46805 is identified as an authentication bypass flaw.

Details:

Juniper Threat Labs recently disclosed that two major security flaws in Ivanti Connect Secure (ICS) devices are under exploit. These are being used to deploy the infamous Mirai botnet. The flaws, known as CVE-2023-46805 and CVE-2024-21887, are leveraged primarily to deliver the damaging botnet payload. More worrisome is the fact that CVE-2023-46805 is an authentication bypass flaw. This means that the attackers may be able to bypass any security measures put in place to protect the network or system and gain unauthorized access.

Hot Take:

In the rapidly evolving digital landscape, IT security is becoming more challenging by the day. This incident serves as a painful reminder that companies and individuals must always stay updated about potential vulnerabilities in their devices. It is essential to implement patches and updates as soon as they are released to mitigate the risk of botnet attacks and other threats. The authentication bypass flaw, in particular, is a key threat as it gives hackers a direct path into intruding systems and networks. IT communities and companies must be committed, now more than ever, to rigorous security practices, proactive threat detection, and quick response measures.

Original Article: https://thehackernews.com/2024/05/mirai-botnet-exploits-ivanti-connect.html