There’s no joy here. But is this MITRE falling to a probable T1190 (Maybe?) Absolutely correct me if I’m wrong about the specific ATT&CK TTP / choice.
FAIL!
Why are people still using Pulse? It’s so, so bad.
Haha, work just moved us to IVANTI endpoint manage and Pulse secure VPN…
Sweating nervously
MITRE getting hacked… ouch
“No organization is immune from this type of cyber attack, not even one that strives to maintain the highest cybersecurity possible,” said MITRE CEO Jason Providakes on Friday.
I don’t know about that. If you mean to zero day, sure, but that’s like saying the sky is blue.
Also, if Ivanti appliances are intended for security, to me that is a very damning discovery. Shouldn’t products intended for security be … well … secure? Like, engineered with high standards for security?
Nerve is an R&D network mostly to collaborate with other organizations, so not the corporate network where more sensitive FFRDC data is stored. I’d be interested to see if this was a specific project space or part of the underlying Nerve infrastructure
Multiple zero days were observed back in Jan 2024, when patching those they found more… in Feb 2024 CISA set a 48 hour deadline to remove the Ivanti Pulse product from fed agencies… probably more examples…
MITRE is the fool here, plenty of warning…
0 days are the best exploits
Holding to the Microsoft standard we are all supposed to dump MITRE now.
It was an amazing platform for what it did. But this has been bad and handled terribly.
So I don’t know much about Ivanti, other than that I used to work for AppSense who have since been acquired by them. Are any of the recent zero days related to the AppSense products?
For the same reason that people will still be using vmware in 15 years
Why is anyone using Ivanti? Just sharks hijacking other people’s hard work and neglecting development & security.
“On the call, they proposed the following options: sell Patch My PC to Ivanti, pay Ivanti a per-device licensing fee, or prepare for legal action”
Who the hell would switch TO pulse secure VPN?
It’s a zero day disaster! It’s had more critical patches in 2 months than anything on the planet.
It’s an absolute shit show.
Well I hope it’s updated and China has moved onto the next vendor lol
Bro that’s how Norton Healthcare got pwnd
Pulse secure is legit end of life in June.
Tomorrow
CVE:123:me
It’s almost impossible to identify every possible potential vector that could be potentially exploited, and from a security vendor perspective, it’s costly to invest significant time into pen testing. Every technology is going to have a vulnerability, it’s just the cat and mouse game that we play.
The bigger piece for me is how a vendor discovers and responds to those vulnerabilities. Are they internally discovered, or are they discovered actively being exploited? Is the vendor transparent with the findings, or do they try to hide from it? How quickly do they have a workaround and a patch available?
Ivanti has flopped pretty much everything with this. I think this is the result of a non-security vendor purchasing an Internet facing security product and not having the experience on how to handle these things.
Good point, and I agree the security products should be secure themselves or even more so than other IT products. If they weren’t then they would just add to the attack surface or just make it even worse
Unfortunately Ivanti has had high severity, high profile vulnerabilities over the years so a lot of companies are really dumping them lately