techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
#connectsecure

OTX Bot<p>Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities</p><p>The article details malware and tactics used in attacks targeting Ivanti Connect Secure vulnerabilities from December 2024 to July 2025. It describes MDifyLoader, a loader based on libPeConv, which deploys Cobalt Strike Beacon through DLL side-loading. The attackers also utilized vshell, a multi-platform RAT, and Fscan, a network scanning tool. After gaining initial access, the threat actors performed lateral movement using brute-force attacks, exploited vulnerabilities, and used stolen credentials. They established persistence by creating domain accounts and registering malware as services or scheduled tasks. The attackers employed various evasion techniques, including the use of legitimate files and ETW bypasses.</p><p>Pulse ID: 6879f8b560d48aaf15291507<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6879f8b560d48aaf15291507" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6879f</span><span class="invisible">8b560d48aaf15291507</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-18 07:33:09</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CobaltStrike</span></a> <a href="https://social.raytec.co/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Cedric<p>🚨 April 2025 Vulnerability Report is out! 🚨</p><p>👉 <a href="https://www.vulnerability-lookup.org/2025/05/01/vulnerability-report-april-2025/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">vulnerability-lookup.org/2025/</span><span class="invisible">05/01/vulnerability-report-april-2025/</span></a></p><p>The most prominent vulnerabilities affect the following products:</p><p>- <a href="https://social.circl.lu/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> / <a href="https://social.circl.lu/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a><br>- <a href="https://social.circl.lu/tags/Erlang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Erlang</span></a> / OTP<br>- <a href="https://social.circl.lu/tags/SAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAP</span></a> / SAP NetWeaver</p><p>The Continuous Exploitation section highlights several resurgent vulnerabilities (recently exploited at a high rate).</p><p>💻 NISDUC Conference</p><p><a href="https://social.circl.lu/tags/VulnerabilityLookup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityLookup</span></a> will be presented during the fourth <a href="https://social.circl.lu/tags/NISDUC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NISDUC</span></a> conference.</p><p>👉 <a href="https://www.nisduc.eu" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">nisduc.eu</span><span class="invisible"></span></a></p><p><a href="https://social.circl.lu/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.circl.lu/tags/Vulnerability" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.circl.lu/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a></p>
Pyrzout :vm:<p>ConnectSecure empowers MSPs to mitigate risks within their clients’ Google Workspace environments <a href="https://www.helpnetsecurity.com/2025/04/15/connectsecure-google-workspace-assessments/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2025/04/15</span><span class="invisible">/connectsecure-google-workspace-assessments/</span></a> <a href="https://social.skynetcloud.site/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.skynetcloud.site/tags/Industrynews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Industrynews</span></a></p>
Pyrzout :vm:<p>Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle – Source: www.securityweek.com <a href="https://ciso2ciso.com/rapid7-reveals-rce-path-in-ivanti-vpn-appliance-after-silent-patch-debacle-source-www-securityweek-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/rapid7-reveals-r</span><span class="invisible">ce-path-in-ivanti-vpn-appliance-after-silent-patch-debacle-source-www-securityweek-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a>&amp;Threats <a href="https://social.skynetcloud.site/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://social.skynetcloud.site/tags/securityweekcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweekcom</span></a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-22457 <a href="https://social.skynetcloud.site/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.skynetcloud.site/tags/securityweek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweek</span></a> <a 
href="https://social.skynetcloud.site/tags/Mandiant" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mandiant</span></a> <a href="https://social.skynetcloud.site/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://social.skynetcloud.site/tags/Rapid7" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rapid7</span></a> <a href="https://social.skynetcloud.site/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a></p>
Pyrzout :vm:<p>Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle <a href="https://www.securityweek.com/rapid7-reveals-rce-path-in-ivanti-vpn-appliance-after-silent-patch-debacle/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/rapid7-reveal</span><span class="invisible">s-rce-path-in-ivanti-vpn-appliance-after-silent-patch-debacle/</span></a> <a href="https://social.skynetcloud.site/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a>&amp;Threats <a href="https://social.skynetcloud.site/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerabilities</span></a> <a href="https://social.skynetcloud.site/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.skynetcloud.site/tags/CVE202522457" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE202522457</span></a> <a href="https://social.skynetcloud.site/tags/Mandiant" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mandiant</span></a> <a href="https://social.skynetcloud.site/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://social.skynetcloud.site/tags/Rapid7" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rapid7</span></a> <a href="https://social.skynetcloud.site/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a></p>
Pyrzout :vm:<p>Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances&nbsp; – Source: www.securityweek.com <a href="https://ciso2ciso.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances-source-www-securityweek-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/chinese-apt-poun</span><span class="invisible">ces-on-misdiagnosed-rce-in-ivanti-vpn-appliances-source-www-securityweek-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a>&amp;Threats <a href="https://social.skynetcloud.site/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://social.skynetcloud.site/tags/securityweekcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweekcom</span></a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-22457 <a href="https://social.skynetcloud.site/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.skynetcloud.site/tags/PulseConnect" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PulseConnect</span></a> <a href="https://social.skynetcloud.site/tags/securityweek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweek</span></a> <a 
href="https://social.skynetcloud.site/tags/Mandiant" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mandiant</span></a> <a href="https://social.skynetcloud.site/tags/UNC5221" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5221</span></a> <a href="https://social.skynetcloud.site/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a></p>
Pyrzout :vm:<p>Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances <a href="https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/chinese-apt-p</span><span class="invisible">ounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a>&amp;Threats <a href="https://social.skynetcloud.site/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://social.skynetcloud.site/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.skynetcloud.site/tags/CVE202522457" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE202522457</span></a> <a href="https://social.skynetcloud.site/tags/PulseConnect" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PulseConnect</span></a> <a href="https://social.skynetcloud.site/tags/Mandiant" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mandiant</span></a> <a href="https://social.skynetcloud.site/tags/UNC5221" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5221</span></a> <a href="https://social.skynetcloud.site/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a></p>
Rene Robichaud<p>PoC Exploit Released for Ivanti Connect Secure RCE Vulnerability<br><a href="https://gbhackers.com/poc-ivanti-connect-secure-rce-vulnerability/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gbhackers.com/poc-ivanti-conne</span><span class="invisible">ct-secure-rce-vulnerability/</span></a></p><p><a href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/CeptBiro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CeptBiro</span></a> <a href="https://mastodon.social/tags/PoCExploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PoCExploit</span></a> <a href="https://mastodon.social/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://mastodon.social/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://mastodon.social/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a></p>
Pyrzout :vm:<p>Ivanti Urges Patch for Flaws in Connect Secure, Policy Secure and ZTA Gateways – Source:hackread.com <a href="https://ciso2ciso.com/ivanti-urges-patch-for-flaws-in-connect-secure-policy-secure-and-zta-gateways-sourcehackread-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/ivanti-urges-pat</span><span class="invisible">ch-for-flaws-in-connect-secure-policy-secure-and-zta-gateways-sourcehackread-com/</span></a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>1CyberSecurityNewsPost</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/PolicySecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PolicySecure</span></a> <a href="https://social.skynetcloud.site/tags/ZTAGateways" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZTAGateways</span></a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hackread</span></a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://social.skynetcloud.site/tags/Ivanti" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a></p>
Pyrzout :vm:<p>Ivanti Urges Patch for Flaws in Connect Secure, Policy Secure and ZTA Gateways <a href="https://hackread.com/ivanti-patch-flaws-connect-secure-policy-secure-zta-gateways/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/ivanti-patch-flaw</span><span class="invisible">s-connect-secure-policy-secure-zta-gateways/</span></a> <a href="https://social.skynetcloud.site/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/PolicySecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PolicySecure</span></a> <a href="https://social.skynetcloud.site/tags/ZTAGateways" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZTAGateways</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a></p>
Pyrzout :vm:<p>Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Product <a href="https://www.securityweek.com/ivanti-warns-of-new-zero-day-attacks-hitting-connect-secure-product/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/ivanti-warns-</span><span class="invisible">of-new-zero-day-attacks-hitting-connect-secure-product/</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a>&amp;Threats <a href="https://social.skynetcloud.site/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://social.skynetcloud.site/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://social.skynetcloud.site/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.skynetcloud.site/tags/CVE20250282" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE20250282</span></a> <a href="https://social.skynetcloud.site/tags/CVE20250283" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE20250283</span></a> <a href="https://social.skynetcloud.site/tags/Featured" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Featured</span></a> <a href="https://social.skynetcloud.site/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a></p>
Pyrzout :vm:<p>ConnectSecure unveils M365 Assessment Module to help MSPs identify security weaknesses <a href="https://www.helpnetsecurity.com/2024/10/01/connectsecure-m365-assessment-module/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2024/10/01</span><span class="invisible">/connectsecure-m365-assessment-module/</span></a> <a href="https://social.skynetcloud.site/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://social.skynetcloud.site/tags/Industrynews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Industrynews</span></a></p>
Not Simon<p><strong>MITRE</strong> disclosed that one of their research and development networks was compromised by a foreign nation-state threat actor in January 2024 using Ivanti Connect Secure zero-days CVE-2023-46805 and CVE-2024-21887. Networked Experimentation, Research, and Virtualization Environment (NERVE) is a collaborative network used for research, development, and prototyping. MITRE included a timeline, observed TTP methods (mapped out to MITRE ATT&amp;CK techniques cc: <span class="h-card" translate="no"><a href="https://infosec.exchange/@howelloneill" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>howelloneill</span></a></span>) and their incident response actions. No IOC provided. 🔗 <a href="https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">mitre.org/news-insights/news-r</span><span class="invisible">elease/mitre-response-cyber-attack-one-its-rd-networks</span></a> and <a href="https://medium.com/mitre-engenuity/advanced-cyber-threats-impact-even-the-most-prepared-56444e980dc8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/mitre-engenuity/adv</span><span class="invisible">anced-cyber-threats-impact-even-the-most-prepared-56444e980dc8</span></a> h/t <span class="h-card" translate="no"><a href="https://infosec.exchange/@reverseics" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>reverseics</span></a></span> </p><p>cc: <span class="h-card" translate="no"><a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>campuscodi</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@briankrebs" class="u-url mention" rel="nofollow noopener" 
target="_blank">@<span>briankrebs</span></a></span> </p><p><a href="https://infosec.exchange/tags/MITRE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MITRE</span></a> <a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://infosec.exchange/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://infosec.exchange/tags/CVE_2023_46805" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2023_46805</span></a> <a href="https://infosec.exchange/tags/CVE_2024_21887" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_21887</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberespionage</span></a></p>
Not Simon<p>I buried the lede in not mentioning that UNC5291 is assessed with medium confidence to be associated with <strong>Volt Typhoon</strong>, a Chinese state-sponsored Advanced Persistent Threat (APT).&nbsp; See related The Record reporting: <a href="https://therecord.media/volt-typhoon-china-targeting-energy-defense-ivanti-bugs" rel="nofollow noopener" target="_blank">Volt Typhoon and 4 other groups targeting US energy and defense sectors through Ivanti bugs</a></p><p><a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://infosec.exchange/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberespionage</span></a> <a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eitw</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/KEV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KEV</span></a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a> <a href="https://infosec.exchange/tags/CVE_2023_46805" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>CVE_2023_46805</span></a> <a href="https://infosec.exchange/tags/CVE_2024_21887" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_21887</span></a> <a href="https://infosec.exchange/tags/CVE_2024_21893" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_21893</span></a> <a href="https://infosec.exchange/tags/UNC5221" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5221</span></a> <a href="https://infosec.exchange/tags/UNC5266" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5266</span></a> <a href="https://infosec.exchange/tags/UNC5330" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5330</span></a> <a href="https://infosec.exchange/tags/UNC5337" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5337</span></a> <a href="https://infosec.exchange/tags/UNC5291" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5291</span></a></p>
Not Simon<p><strong>Mandiant</strong> releases part 4 of the Ivanti Connect Secure incident response investigation. They detail different types of post-exploitation activity across their IR engagements. Chinese threat actors have a growing knowledge of Ivanti Connect Secure in abusing appliance-specific functionality to perform actions on objective. They highlight FIVE Chinese threat actors: UNC5221, UNC5266, UNC5330, UNC5337, and UNC5291 abusing a mix of CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. New TTPs, new malware families and new IOCs: 🔗 <a href="https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cloud.google.com/blog/topics/t</span><span class="invisible">hreat-intelligence/ivanti-post-exploitation-lateral-movement</span></a></p><p>EDIT: For your situational awareness, it's my understanding that future Mandiant articles will be located at <a href="https://cloud.google.com/blog/topics/threat-intelligence/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cloud.google.com/blog/topics/t</span><span class="invisible">hreat-intelligence/</span></a></p><p><a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://infosec.exchange/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberespionage</span></a> <a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>China</span></a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploitation</span></a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eitw</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/KEV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KEV</span></a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a> <a href="https://infosec.exchange/tags/CVE_2023_46805" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2023_46805</span></a> <a href="https://infosec.exchange/tags/CVE_2024_21887" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_21887</span></a> <a href="https://infosec.exchange/tags/CVE_2024_21893" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_21893</span></a> <a href="https://infosec.exchange/tags/UNC5221" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5221</span></a> <a href="https://infosec.exchange/tags/UNC5266" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5266</span></a> <a href="https://infosec.exchange/tags/UNC5330" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5330</span></a> <a href="https://infosec.exchange/tags/UNC5337" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5337</span></a> <a href="https://infosec.exchange/tags/UNC5291" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC5291</span></a></p>
Not Simon<p>I want to get off Mr. <strong>Ivanti</strong>'s wild ride: security advisory for Ivanti Connect Secure and Ivanti Policy Secure: 🔗 <a href="https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">forums.ivanti.com/s/article/SA</span><span class="invisible">-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways</span></a> and blog post: <a href="https://www.ivanti.com/blog/security-update-for-ivanti-connect-secure-and-policy-secure" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ivanti.com/blog/security-updat</span><span class="invisible">e-for-ivanti-connect-secure-and-policy-secure</span></a></p><ul><li>CVE-2024-21894 (8.2 high) heap overflow leads to Denial of Service (DoS), and sometimes arbitrary code execution</li><li>CVE-2024-22052 (7.5 high) null pointer dereference causes DoS</li><li>CVE-2024-22053 (8.2 high) heap overflow leads to DoS or information disclosure</li><li>CVE-2024-22023 (5.3 medium) XML entity expansion (XEE) causes a limited-time DoS</li></ul><blockquote><p>We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. 
</p></blockquote><p><a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://infosec.exchange/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a href="https://infosec.exchange/tags/PolicySecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PolicySecure</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/CVE_2024_21894" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_21894</span></a> <a href="https://infosec.exchange/tags/CVE_2024_22052" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_22052</span></a> <a href="https://infosec.exchange/tags/CVE_2024_22053" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_22053</span></a> <a href="https://infosec.exchange/tags/CVE_2024_22023" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2024_22023</span></a></p>
OTX Bot<p>Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways</p><p>Cyber threat actors are actively exploiting multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways that can be chained to bypass authentication, craft malicious requests, and execute arbitrary commands. This enables threat actors to implant web shells for persistence and harvest credentials stored on compromised devices.</p><p>Pulse ID: 65e1a5b18d307f0d4139697b<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/65e1a5b18d307f0d4139697b" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/65e1a</span><span class="invisible">5b18d307f0d4139697b</span></a> <br>Pulse Author: AlienVault<br>Created: 2024-03-01 09:53:53</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Ivanti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ivanti</span></a> <a href="https://social.raytec.co/tags/ConnectSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectSecure</span></a> <a 
href="https://social.raytec.co/tags/PolicySecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PolicySecure</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>