TLDR: SafeBreach Coverage for AA24-060A (Phobos Ransomware) and AA24-060B (Ivanti Connect Secure)
Key Points:
- CISA issued advisories regarding Phobos Ransomware and Ivanti Connect Secure vulnerabilities
- SafeBreach provides coverage against both threats to help organizations validate their security controls
In response to CISA advisories, SafeBreach has expanded its coverage to include Phobos Ransomware and Ivanti Connect Secure vulnerabilities. The advisory concerning Phobos Ransomware highlights the tactics, techniques, and procedures (TTPs) used by threat actors who target state, local, tribal, and territorial (SLTT) governments. Phobos is connected to various ransomware variants and is known to use open-source tools like Smokeloader and Cobalt Strike. On the other hand, the Ivanti advisory discusses vulnerabilities exploited by threat actors to bypass authentication and execute arbitrary commands on Ivanti Connect Secure and Policy Secure gateways. SafeBreach customers can assess their security controls against these threats using the provided attacks. It is crucial for organizations to continually validate their security programs in response to evolving cyber threats.