It looks like China’s Volt Typhoon has found a new way into American networks as Versa has disclosed a nation-state backed attacker has exploited a high-severity bug affecting all of its SD-WAN customers using Versa Director. This vulnerability, tracked as CVE-2024-39717, is being abused to plant custom, credential-harvesting web shells on customers’ networks, according to Black Lotus Labs. Lumen Technologies’ security researchers have attributed “with moderate confidence”

Source: The Register