Live from Belgium: all the public services of the French-speaking part of the country (Wallonia) are offline because a very serious intrusion was discovered yesterday evening.
A friend told me it may be due to an exploited zero-day vulnerability in an Ivanti VPN endpoint.
I keep asking myself who still buys this junk from Cisco, Fortinet, CrowdStrike, Ivanti, and Okta. But I also ask myself the same thing about the whole Microsoft Bermuda Triangle consisting of MS Active Directory, Exchange, and Outlook.
When I read reports like this, a little devil on my shoulder whispers, “Yes, more, that’s karma…”
Three of the four most exploited vulns were zero-days, and all were in cybersecurity products (Palo Alto, Ivanti Connect Secure, Ivanti Policy Secure and Fortinet). In most of the cases documented, it was ransomware groups running rings around security vendors, i.e. the security vendors were the cause of the victims' woes due to defective products.
But actually, the job of "security" solutions would be to keep intruders out, not just to document them.
It comes as a complete surprise that even MFA or VPN are just valerian for the admins.
Ultimately, you can only protect yourself from zero-day attacks if you don’t use software that regularly has zero-day vulnerabilities in circulation.
And again, it’s not that surprising that knowledge gained from the cracked cloud is used against you.
A “security company” or infrastructure provider that has ever ignored a flaw for so long that it could be exploited from outside should never see another penny from anyone again.
The problem here is a lack of alternatives: OpenLDAP is probably the most opaque, poorly documented software in existence (to the point where it's a second-class citizen even in NethServer). Samba for AD works, I guess, for certain values of "works." But I think there's a pretty strong contingent of "if I have to use AD anyway, why not use MS AD?"