SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems

Jan 9, 2025

Explore critical vulnerabilities affecting Ivanti Connect Secure and Policy Secure, with insights on urgent security updates. Discover the alarming command injection risks in Aviatrix Network Controllers, which allow for unauthorized code execution. Dive into the innovative tactics of researchers hijacking abandoned domains linked to backdoors, revealing new threats to system security. This information emphasizes the importance of staying vigilant in an ever-evolving cyber landscape.

06:04

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Recent research reveals that hijacked abandoned domains still expose systems to risks from previously installed cyber backdoors.

Urgent security advisories highlight critical vulnerabilities in Ivanti's secure gateway products due to active exploitation in the wild.

Deep dives

Domain Hijacking to Uncover Compromised Systems

Registering expired domains can be a tactic to access abandoned infrastructure, but recent research by Watchtower highlights a novel approach where they targeted abandoned domains previously used by attackers. By re-registering these domains, Watchtower was able to set up their own servers and gain access to thousands of compromised systems that were still trying to connect to them. The research revealed that many backdoors installed by attackers were still operational and calling back to these re-registered domains, allowing Watchtower to identify various affected companies and government agencies worldwide. This demonstrates how previously abandoned cyber resources can still pose significant security risks due to lingering connections from compromised systems.

Exploiting Abandoned Domains and Urgent Security Vulnerabilities

6min

In this episode, we discuss critical vulnerabilities in Ivanti Connect Secure and Policy Secure, command injection risks in Aviatrix Network Controllers, and the risks posed by hijacked abandoned backdoors.
Episode Links and Topics:
More Governments Backdoors in Your Backdoors
https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/
Researchers reveal how expired domains linked to abandoned backdoors can be hijacked, exposing systems to further compromise.
Security Update: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways
https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
Ivanti addresses critical vulnerabilities (CVE-2025-0282, CVE-2025-0283) in their secure gateway products, with active exploitation in the wild.
CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
A command injection vulnerability in Aviatrix Network Controllers allows unauthenticated code execution, posing severe risks to network environments.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Domain Hijacking to Uncover Compromised Systems

Critical Vulnerabilities and Upcoming Patches

Remember Everything You Learn from Podcasts