Tag: ivanti
-
CISA Warns of Resurge Malware Connected to Ivanti Vuln
Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cisa-warns-resurge-malware-ivanti-vuln
-
Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All
CISA Publishes Anatomy of Advanced Ivanti VPN Malware. Hackers using Trojans connected to a malware family deployed by Chinese nation-state hackers are actively exploiting a now-patched vulnerability in Ivanti Connect Secure appliances. The malware contains capabilities of a rootkit, dropper, backdoor, bootkit, proxy and tunneler. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/rootkit-backdoor-tunneler-ivanti-malware-does-all-a-27881
-
CISA warns new malware targeting Ivanti zero-day vulnerability
CVE-2025-0282, a critical vulnerability that affects Ivanti’s Connect Secure, Policy Secure, and ZTA Gateway products, was disclosed and patched in January. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-warns-malware-targeting-ivanti-zero-day/743967/
-
New Malware Variant RESURGE Exploits Ivanti Vulnerability
CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-resurge-exploits-ivanti/
-
CISA Analyzes Malware Used in Ivanti Zero-Day Attacks
CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day. The post CISA Analyzes Malware Used in Ivanti Zero-Day Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-analyzes-malware-used-in-ivanti-connect-secure-zero-day-attacks/
-
CISA reveals new malware variant used on compromised Ivanti Connect Secure devices
CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/31/cisa-reveals-new-malware-variant-used-on-compromised-ivanti-connect-secure-devices/
-
CISA warns of RESURGE malware exploiting Ivanti flaw
Tags: attack, cisa, cve, cybersecurity, exploit, flaw, infrastructure, ivanti, malicious, malware, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect…
-
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. “RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that First seen…
-
Breach Roundup: The Ivanti Patch Treadmill
Also: Patch Tuesday, Equalize Scandal Figure Dies and Polymorphic Extension Attack. This week, Ivanti EPM customers should patch, Patch Tuesday, fake web browser extensions, North Korean Android malware, a key figure in Italy’s Equalize scandal dead of heart attack. Also, Apache Camel flaw, OpenAI’s agent automates phishing and Apple patched another zero day. First seen…
-
Ivanti EPM vulnerabilities actively exploited in the wild, CISA warns
Tags: apt, china, cisa, cyberespionage, exploit, flaw, group, ivanti, remote-code-execution, vpn, vulnerability, zero-day
Ivanti products in attackers’ crosshairs: Multiple Ivanti products have been targeted by attackers over the past year, especially by state-sponsored cyberespionage groups who developed zero-day exploits for them. Back in January Ivanti patched a critical remote code execution flaw in its Connect Secure SSL VPN appliance that a Chinese APT group had exploited as a zero-day…
-
3 Ivanti flaws added to CISA list of known exploited vulnerabilities
First seen on scworld.com Jump to article: www.scworld.com/news/3-ivanti-flaws-added-to-cisa-list-of-known-exploited-vulnerabilities
-
Advantive VeraCore, Ivanti EPM flaws added to CISA vulnerabilities catalog
First seen on scworld.com Jump to article: www.scworld.com/brief/advantive-veracore-ivanti-epm-flaws-added-to-cisa-vulnerabilities-catalog
-
3 Ivanti endpoint vulnerabilities exploited in the wild
Researchers last month published a proof-of-concept exploit for the critical flaws in Endpoint Manager. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-3-ivanti-endpoint-vulnerabilities-exploited-in-the-wild/742168/
-
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-critical-ivanti-epm-flaws-as-actively-exploited-in-attacks/
-
CISA Urges All Organizations to Patch Exploited Critical Ivanti Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has added five new flaws in Ivanti and VeraCore products to its Known Exploited Vulnerabilities catalog. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-kev-ivanti-critical/
-
CISA Warns of Ivanti EPM Vulnerability Exploitation
CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog. The post CISA Warns of Ivanti EPM Vulnerability Exploitation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-ivanti-epm-vulnerability-exploitation/
-
CISA Added 3 Ivanti Endpoint Manager Bugs to Wildly Exploited Vulnerabilities Catalog
Tags: cisa, cyber, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, risk, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with the addition of three high-risk security flaws affecting Ivanti Endpoint Manager (EPM). These vulnerabilities, which involve absolute path traversal issues, have been observed being actively exploited in the wild, prompting federal agencies and organizations to implement remediation measures before…
-
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows: CVE-2024-57968 – An unrestricted file upload vulnerability in Advantive VeraCore First…
-
Chinese APT Silk Typhoon exploits IT supply chain weaknesses for initial access
Tags: access, apt, attack, authentication, china, citrix, cloud, control, corporate, credentials, data, detection, email, exploit, firewall, github, government, group, hacker, identity, Internet, ivanti, least-privilege, microsoft, network, password, service, software, supply-chain, threat, update, vpn, vulnerability, zero-day
Two-way lateral movement: Aside from abusing cloud assets and third-party services and software providers to gain access to local networks, the Silk Typhoon attackers are also proficient in jumping from on-premise environments into cloud environments. The group’s hackers regularly target Microsoft AADConnect (now Entra Connect) servers which are used to synchronize on-premise Active Directory deployments…
-
Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Massive botnet hits Microsoft 365 accounts A recently discovered botnet of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/02/week-in-review-botnet-hits-m365-accounts-poc-for-ivanti-endpoint-manager-vulnerabilities-released/
-
2,850+ Ivanti Connect Secure Devices Exposed to Potential Cyberattacks
Tags: cyber, cyberattack, cybersecurity, data-breach, exploit, flaw, government, infrastructure, ivanti, network, risk, vpn, vulnerability
A sweeping cybersecurity alert has emerged as researchers identify 2,850+ unpatched Ivanti Connect Secure devices worldwide, leaving organizations vulnerable to exploitation through the critical flaw designated CVE-2025-22467. The findings, published by cybersecurity watchdog Shadowserver Foundation, reveal systemic risks to virtual private network (VPN) infrastructures relied upon by enterprises and government agencies for secure remote access. Vulnerability Scope and…
-
PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/24/poc-exploit-for-ivanti-endpoint-manager-vulnerabilities-released-cve-2024-13159/
-
SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix
In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer overflow vulnerability CVE-2025-0282 in Ivanti Connect Secure, as confirmed by JPCERT/CC. This vulnerability, disclosed in January 2025, had already been actively exploited since late December 2024, prior to its public announcement. The malware, an evolved variant of the SPAWN family, integrates…
-
Breach Roundup: Microsoft Patches Two Zero-Days in February
Also: Google Fixes YouTube Vulnerabilities That Could Have Exposed User Emails. This week: Microsoft, Ivanti and Google release fixes for critical vulnerabilities and urge priority patching; Lee Enterprises confirms a cyberattack disrupted newspaper operations; and thousands of KerioControl Firewalls exposed to critical remote code execution flaws. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-microsoft-patches-two-zero-days-in-february-a-27515
-
Ivanti Issues Updates to Fix Critical Vulnerabilities
First seen on scworld.com Jump to article: www.scworld.com/brief/ivanti-issues-updates-to-fix-critical-vulnerabilities
-
Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure
First seen on scworld.com Jump to article: www.scworld.com/news/ivanti-fixes-4-critical-flaws-including-cvss-9-9-in-connect-secure
-
CISA, FBI call software with buffer overflow issues ‘unforgivable’
Microsoft, VMWare, Ivanti flaws called out: The feds highlighted a list of buffer overflow bugs affecting leading vendors like Microsoft, Ivanti, VMWare, Citrix and RedHat, ranging from high to critical severity, and some already having in-the-wild exploits. The list included two Microsoft flaws that could allow local attackers in container-based environments to gain system privileges (CVE-2025-21333),…
-
Chinese Hackers Suspected in Ivanti CSA Attacks: Webshells and Lateral Movement Detected Sources and related content
A series of critical vulnerabilities affecting Ivanti Cloud Service Appliance (CSA) 4.6 have been actively exploited in the First seen on securityonline.info Jump to article: securityonline.info/chinese-hackers-suspected-in-ivanti-csa-attacks-webshells-and-lateral-movement-detected-sources-and-related-content/
-
Ivanti ICS, IPS, ISAC, CSA: Multiple Vulnerabilities Disclosed and Patched
Summary Ivanti has released security updates addressing nine vulnerabilities affecting Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC), and Ivanti First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/02/12/ivanti-ics-ips-isac-csa-multiple-vulnerabilities-disclosed-and-patched/

