Security News > 2025 > March > CISA reveals new malware variant used on compromised Ivanti Connect Secure devices

CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the CVE-2025-0282 zero-day. The updated mitigation instructions stress the importance of conducting a factory reset of all devices – even those where threat hunting did not reveal evidence of compromise – as well as a factory reset of cloud … More → The post CISA reveals new malware variant used on compromised Ivanti Connect Secure devices appeared first on Help Net Security.
News URL
Related news
- CISA spots spawn of Spawn malware targeting Ivanti flaw (source)
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)
- Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-08 | CVE-2025-0282 | Out-of-bounds Write vulnerability in Ivanti products A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | 9.0 |