
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation
Sep 23, 2025
CISA reports sightings of backdoors installed by exploiting Ivanti EPMM vulnerabilities that were patched in May. LastPass warns of fake GitHub repositories impersonating companies to spread Mac malware. Additionally, ransomware exploiting exposed Oracle Database Scheduler services has been uncovered, showcasing the ever-evolving threats in cybersecurity. Stay informed to protect your systems!
AI Snips
Ivanti EPMM Exploits Linked To Backdoors
- CISA linked backdoors to exploitation of Ivanti EPMM vulnerabilities patched in May.
- Unpatched Ivanti EPMM instances likely remain and may already be compromised.
Patch And Hunt For Ivanti Compromises
- Patch Ivanti EPMM now if you haven't applied May fixes yet.
- If you find unpatched systems, check them immediately for signs and indicators of compromise.
GitHub Impersonation Targets Macs
- Attackers used fake GitHub repositories impersonating vendors to distribute Mac-targeting malware.
- These repos often offer pirated 'premium' apps and change names as they are taken down.
