SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems
This episode covers critical vulnerabilities in Ivanti Connect Secure and Policy Secure that require urgent patching, a command injection flaw in Aviatrix Network Controllers that allows unauthenticated code execution, and research in which expired domains used by abandoned backdoors were re-registered, exposing how much access such forgotten infrastructure still confers.
Abandoned Attacker Infrastructure
- watchTowr registered expired domains that attackers had used for command and control.
- Doing so gave them visibility into thousands of still-compromised systems, including government agencies and companies.
Patch Ivanti Products
- Patch Ivanti Connect Secure, Policy Secure, and ZTA gateways immediately; the vulnerabilities are being actively exploited.
- Pay attention to alerts from Ivanti's Integrity Checker Tool (ICT).
Patch Aviatrix Network Controller
- Patch Aviatrix Network Controllers; the vulnerability is a simple command injection.
- Though relatively few are deployed, these controllers usually sit on internal networks, which makes them attractive targets for lateral movement.