All news with #ivanti tag

🛡️ CISA released a Malware Analysis Report analyzing two malware families recovered from an organization compromised via CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile. The report, titled Malicious Listener for Ivanti EPMM Systems, provides indicators of compromise and detection content including YARA and SIGMA rules to support hunting and response. Recommended mitigations stress upgrading Ivanti EPMM to the latest versions and treating mobile device management systems as high-value assets with enhanced monitoring, access controls, and restrictions.

🔍 CISA analyzed malicious artifacts deployed after threat actors exploited CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (EPMM). The report details two distinct loader/listener sets written to /tmp that enable arbitrary code execution through crafted HTTP requests. CISA provides IOCs, YARA and SIGMA detection rules, and recommends immediate patching and treating MDM systems as high-value assets.

🔒 Salt Typhoon, a persistent Chinese-aligned threat actor, has expanded operations into the Netherlands by compromising routers at smaller ISPs and hosting providers. Intelligence agencies report the group exploits known flaws in Ivanti, Palo Alto Networks, and Cisco devices to obtain long-term access and pivot through trusted provider links. Authorities urge organizations to audit configurations, disable management access, enforce public-key administrative authentication, remove default credentials, and keep vendor-recommended OS versions up to date to reduce exposure.

🔍 Salt Typhoon, a Chinese state-aligned APT also tracked as Operator Panda/RedMike, is the subject of a joint advisory from intelligence and cybersecurity agencies across 13 countries. The report links the group to Chinese entities tied to the PLA and MSS and documents repeated exploitation of n-day flaws in network edge devices from vendors such as Ivanti, Palo Alto Networks and Cisco. It details persistence via ACL modifications, tunneled proxies, credential capture via RADIUS/TACACS+, and exfiltration over peering and BGP, and urges telecoms to hunt for intrusions, patch quickly and harden management interfaces.

🔒Salt Typhoon, a China-linked APT, exploited vulnerabilities in Cisco, Ivanti, and Palo Alto Networks edge devices to compromise and persistently control routers worldwide. The actors modified device configurations, created GRE tunnels, and used on-box Linux containers to stage tools and exfiltrate data. Agencies from 13 countries linked the campaign to three Chinese firms and warned of espionage impacting telecoms, government, transport, lodging, and military sectors.