Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
14 October 2024
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions.
That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the