Ivanti warns another critical security flaw is being attacked
Date:
Thu, 09 Jan 2025 19:08:00 +0000
Description:
Ivanti uncovers multiple flaws in its VPN appliances.
FULL STORY ======================================================================
- Ivanti uncovers two security vulnerabilities, including one critical-severity
- One of the flaws was being abused as a zero-day by a Chinese threat actor
- Researchers uncovered never-before-seen malware being deployed in the attack
Ivanti has warned customers of a critical vulnerability impacting its VPN appliances that is being actively exploited in the wild to drop malware.
In a security advisory, Ivanti said that it recently uncovered two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, both of which impact Ivanti Connect Secure VPN appliances.
The former seems to be the more dangerous of the two. It has been given a severity score of 9.0 (critical) and is described as an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network, Ivanti said.
The second vulnerability, also a stack-based buffer overflow, comes with a 7.0 severity score (high).
New malware deployed
The company urged customers to apply the patch immediately, and provided further details about the threat actors and their tools.
In partnership with security researchers at Mandiant, Ivanti determined the first vulnerability has been abused in the wild as a zero-day, most likely by multiple threat actors.
In at least one of the compromised VPNs, Mandiant found the threat actors deploying the SPAWN ecosystem of malware (including SPAWNANT installer, SPAWNMOLE tunneler, and SPAWNSNAIL SSH backdoor).
The group behind this attack was identified as UNC5221, apparently a China-nexus espionage group active since at least December 2023.
In the past, UNC5221 has been linked to the exploitation of zero-day vulnerabilities in Ivanti Connect Secure VPN appliances, targeting organizations in the telecommunications, healthcare, and public sectors. The group focuses on data exfiltration and espionage.
Mandiant has also seen crooks drop previously unseen malware, now tracked as DRYHOOK and PHASEJAM. Mandiant was not able to attribute these families to any known threat actor.
"It is possible that multiple actors are responsible for the creation and deployment of these various code families (i.e. SPAWN, DRYHOOK and PHASEJAM), but as of publishing this report, we don't have enough data to accurately assess the number of threat actors targeting CVE-2025-0282," Ivanti said in the report.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/ivanti-warns-another-critical-security-flaw-is-being-attacked
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)