CISA and FBI issue new warning about old Ivanti flaws
They claim the flaws are being abused in coordinated attacks
The bugs were patched in September and October 2024, so update now
Security flaws in Ivanti Cloud Service Appliance (CSA) discovered and patched in September and October 2024 are still being used to breach networks, a new security advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), and the FBI has warned.
In the advisory, the two agencies claim threat actors are chaining together four vulnerabilities – two in one chain: CVE-2024-8963, and CVE-2024-8190, and two in another: CVE-2024-9379, and CVE-2024-9380.