I’m Peter with Cradlepoint, part of Ericsson, and this is your Saturday Security Story for the week ending April 27th, 2024. The nonprofit Mitre Corporation, well respected institution responsible for the MITRE ATT&CK Framework, was attacked themselves by no less than approximately eight of their own techniques. Now, they’ve reported that back in January, nation state adversaries were able to infiltrate their network via two zero-day vulnerabilities tied to their Ivanti VPN. They were able to bypass multi-factor, and once they were in, they were then able to lateral move to an unclassified research and virtualized network, being able to then drop some shells in for a persistence and credential stealing. So always keep an eye. Just goes to show you anyone can get attacked. It’s been 15 years since they had a major incident. Isolation might have helped.
[ad_2]
source
