CISA reveals new malware variant used on compromised Ivanti Connect Secure devices
2025-03-31 13:02

CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the CVE-2025-0282 zero-day. The updated mitigation instructions stress the importance of conducting a factory reset of all devices – even those where threat hunting did not reveal evidence of compromise – as well as a factory reset of cloud …

The post CISA reveals new malware variant used on compromised Ivanti Connect Secure devices appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2025/03/31/cisa-reveals-new-malware-variant-used-on-compromised-ivanti-connect-secure-devices/

Related Vulnerability

DATE: 2025-01-08
CVE: CVE-2025-0282
VULNERABILITY TITLE: Out-of-bounds Write vulnerability in Ivanti products
RISK: critical, 9.0

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

network, high complexity, ivanti, CWE-787

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 29 1 56 180 79 316