Scrape Timestamp (UTC): 2025-03-11 04:05:59.124
Source: https://thehackernews.com/2025/03/cisa-adds-five-actively-exploited.html
Original Article Text
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows -

The exploitation of the VeraCore vulnerabilities has been attributed to a likely Vietnamese threat actor named XE Group, which has been observed dropping reverse shells and web shells to maintain persistent remote access to compromised systems. On the other hand, there are currently public reports about how the three Ivanti EPM flaws are being weaponized in real-world attacks. A proof-of-concept (PoC) exploit was released by Horizon3.ai last month. The cybersecurity company described them as "credential coercion" bugs that could allow an unauthenticated attacker to compromise the servers.

In light of active exploitation, it's essential that Federal Civilian Executive Branch (FCEB) agencies apply the necessary patches by March 31, 2025.

The development comes as threat intelligence firm GreyNoise warned of mass exploitation of CVE-2024-4577, a critical vulnerability impacting PHP-CGI, with spikes in attack activity targeting Japan, Singapore, Indonesia, the United Kingdom, Spain, and India. "More than 43% of IPs targeting CVE-2024-4577 in the past 30 days are from Germany and China," GreyNoise said, adding it "detected a coordinated spike in exploitation attempts against networks in multiple countries, suggesting additional automated scanning for vulnerable targets" in February.
Daily Brief Summary
CISA has updated its Known Exploited Vulnerabilities catalog with five new entries concerning Advantive VeraCore and Ivanti Endpoint Manager (EPM) due to active exploitation evidence.
The vulnerabilities in VeraCore have been actively exploited by a Vietnamese threat group known as XE Group, which uses reverse shells and web shells for sustained remote access.
Ivanti EPM's vulnerabilities have been publicly detailed, with reports of real-world attacks and a recent proof-of-concept exploit demonstrating credential coercion vulnerabilities.
Federal Civilian Executive Branch (FCEB) agencies are urged to implement necessary security patches for these vulnerabilities by March 31, 2025.
Concurrently, threat intelligence firm GreyNoise has warned of mass exploitation of CVE-2024-4577, a critical PHP-CGI vulnerability, with attack activity spiking in several countries and more than 43% of attacking IPs over the past 30 days originating from Germany and China.
GreyNoise also observed a coordinated spike in exploitation attempts against networks in multiple countries in February, suggesting additional automated scanning for vulnerable targets and indicating the scale and organization of the attacks.