Stay secure with SafeBreach Coverage for Phobos Ransomware and Ivanti

March 2, 2024
1 min read


TLDR: SafeBreach Coverage for AA24-060A (Phobos Ransomware) and AA24-060B (Ivanti Connect Secure)

Key Points:

  • CISA issued advisories regarding Phobos Ransomware and Ivanti Connect Secure vulnerabilities
  • SafeBreach provides coverage against both threats to help organizations validate their security controls

In response to CISA advisories, SafeBreach has expanded its coverage to include Phobos Ransomware and Ivanti Connect Secure vulnerabilities. The advisory concerning Phobos Ransomware highlights the tactics, techniques, and procedures (TTPs) used by threat actors who target state, local, tribal, and territorial (SLTT) governments. Phobos is connected to various ransomware variants and is known to use open-source tools like Smokeloader and Cobalt Strike. On the other hand, the Ivanti advisory discusses vulnerabilities exploited by threat actors to bypass authentication and execute arbitrary commands on Ivanti Connect Secure and Policy Secure gateways. SafeBreach customers can assess their security controls against these threats using the provided attacks. It is crucial for organizations to continually validate their security programs in response to evolving cyber threats.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and