Seems it’s exploiting vulnerabilities in some software called “Ivanti Connect Secure VPN”, so unless you’re running that, you’re safe I guess. Says in the past they used vulnerabilities in “Qlik Sense” and Adobe “Magento”. Never heard of any of those, but I guess maybe some businesses use them?
So its spreading via a closed source VPN software. Why should you even use that when there is great VPN software available on Linux which work reliable for decades?
Well of course you miss zero trust connections, multi-cloud readiness, award‑winning security and proven secure corporate access …
These vpns seem to be quite a good target since at least the one my university uses is run as a setuid executable, so if there is a vulnerability in there, you can execute code as root that wasn’t intended to be executed as root.
As TonyTonyChopper this thread said, sometimes that obscure software is what you are required to use in your institution, or they don’t offer support for anything else.
Did I miss the bit where they said how it was delivered?
Seems it’s exploiting vulnerabilities in some software called “Ivanti Connect Secure VPN”, so unless you’re running that, you’re safe I guess. Says in the past they used vulnerabilities in “Qlik Sense” and Adobe “Magento”. Never heard of any of those, but I guess maybe some businesses use them?
So its spreading via a closed source VPN software. Why should you even use that when there is great VPN software available on Linux which work reliable for decades?
Well of course you miss zero trust connections, multi-cloud readiness, award‑winning security and proven secure corporate access …
My university has us use Ivanti to connect to our network from offsite…
These vpns seem to be quite a good target since at least the one my university uses is run as a setuid executable, so if there is a vulnerability in there, you can execute code as root that wasn’t intended to be executed as root.
I pay for ProtonVPN, and I still run my traffic through OpenVPN.
Hate to victim blame, but unless you’re going to audit every line of code yourself, don’t use obscure software.
As TonyTonyChopper this thread said, sometimes that obscure software is what you are required to use in your institution, or they don’t offer support for anything else.
Magento is the e-commerce platform. Adobe acquired it in 2018. Quite a few businesses use it.