What happened to Turkey's HGS toll collection system?

Hackers breached the iOS mobile application of Turkey's national electronic toll collection system (HGS) operated by the Post and Telegraph Organization (PTT). The attackers sent unauthorized notifications through the app, including messages with profane content and ransom demands.

What were the hackers' demands?

The hackers sent two notifications demanding a ransom of $25,000 in Bitcoin, threatening to release user data if the ransom wasn't paid.

Which version of the HGS app was affected?

The attack specifically targeted users of the iOS version of the HGS mobile application.

Was any user data compromised according to PTT?

The PTT General Directorate issued a statement claiming that no data loss or unauthorized access to user information had occurred, despite the breach of the app's messaging service.

How did the attackers access the system?

The attack involved unauthorized access to the app's messaging service, with the intrusion reportedly originating from foreign IP addresses. However, specific details about the nature of the attack have not been disclosed.

Advisory

Ivanti released updates for multiple critical flaws in Cloud Services Application (CSA), Connect Secure, Policy Secure, and Sentry

published: Dec. 11, 2024

Take action: Another big and urgent advisory from Ivanti. Prioritize patching of Cloud Services Application (CSA) immediately. It has a perfect 10 flaw so don't delay. After addressing CSA, proceed to Connect Secure and Policy Secure, although you don't need to panic (that much).

Learn More

Ivanti has released critical security updates addressing multiple critical vulnerabilities across several products, including Cloud Services Application (CSA), Connect Secure, Policy Secure, and Sentry.

CVE-2024-11639 (CVSS score 10.0) - Authentication bypass vulnerability. Allows unauthenticated remote attackers to gain administrative access. Affects Ivanti CSA before 5.0.3.
CVE-2024-11772 (CVSS score 9.1) - Command injection vulnerability. Allows authenticated admin users to execute arbitrary code remotely. Affects Ivanti CSA before 5.0.3, but requires administrative privileges to exploit.
CVE-2024-11773 (CVSS score 9.1) - SQL injection vulnerability. Enables execution of arbitrary SQL statements. Affects Ivanti CSA before 5.0.3, but requires administrative privileges to exploit.
CVE-2024-11633 (CVSS score 9.1) - Argument injection in Connect Secure
CVE-2024-11634 (CVSS score 9.1) - Command injection in Connect Secure and Policy Secure
CVE-2024-8540 (CVSS score 8.8) - Insecure permissions in Ivanti Sentry

Patched Versions:

Ivanti Cloud Services Application: Version 5.0.3
Ivanti Connect Secure: Version 22.7R2.4
Ivanti Policy Secure: Version 22.7R1.2
Ivanti Sentry: Versions 9.20.2, 10.0.2, and 10.1.0

While Ivanti reports no active exploitation of these vulnerabilities, immediate patching is strongly recommended given the history of state-sponsored threat actors targeting Ivanti product vulnerabilities.

Ivanti released updates for multiple critical flaws in Cloud Services Application (CSA), Connect Secure, Policy Secure, and Sentry

Read More
F5 Warns of Critical BIG-IP APM Zero-Day Exploited …
QNAP fixes multiple flaws, at least two critical …
Critical vulnerability in Fortra GoAnywhere actively exploited
CISA warns of hackers exploiting critical bug in …
Perforce Helix Core Server fixes critical remote code …