News on Medial
Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware
Arstechnica · 7m ago
Ivanti VPN networks are under attack due to a critical vulnerability, CVE-2025-0283, allowing hackers full control over devices. Exploited on Ivanti’s Connect Secure VPN and other gateways, this vulnerability facilitates malware installation, including DRYHOOK and PHASEJAM. PHASEJAM deceives administrators with convincing fake upgrade processes. Malware like SPAWNANT disables security checks and persists through upgrades, aiming to collect sensitive data. These attacks are attributed to China-based espionage groups UNC5337 and UNC5221.
Related News
Ivanti VPN security flaws are being attacked again by Chinese hackers
Techradar · 1y ago
Chinese hackers are reportedly utilizing the recently discovered security flaws in Ivanti VPN to deploy malware. The hackers, known as UNC5325, are employing living-off-the-land techniques to avoid detection while dropping novel malware. This malware can withstand factory resets, system upgrades, and patches. Another threat actor, UNC3886, may also be taking advantage of the vulnerabilities. Users are advised to take immediate action, apply the latest security advisory from Ivanti, and use external integrity checkers and updated hardening guides. The flaws were initially reported in January 2024, and subsequent investigation revealed the use of an unsupported operating system by Ivanti.
NSA says it's tracking Ivanti cyberattacks as hackers hit US defense sector
TechCrunch · 1y ago
The U.S. National Security Agency (NSA) has confirmed that hackers targeting vulnerabilities in Ivanti's VPN software have attacked organizations in the U.S. defense sector. The China-backed hacking group UNC5325 has launched massive attempts to exploit vulnerabilities in Ivanti Connect Secure, a widely used enterprise VPN appliance. The hackers demonstrate extensive knowledge of the software and have deployed malware to maintain persistence even after system updates and patches. The NSA is collaborating with other agencies to detect and mitigate the attacks. It is currently unclear how many Ivanti customers have been affected.
Windows 0-day was exploited by North Korea to install advanced rootkit
Arstechnica · 11m ago
A recent Windows zero-day vulnerability that was patched by Microsoft was exploited by hackers affiliated with the North Korean government. The vulnerability allowed attackers to install custom malware, providing them with access to sensitive system areas and system privileges. The hackers, known as Lazarus, targeted individuals in cryptocurrency engineering and aerospace to steal cryptocurrencies for funding their operations. They used the exploit to install FudModule, a sophisticated rootkit malware that disables internal and external security defenses. The details of when the attacks started and the number of targeted organizations remain unknown.
Fake wedding cards emptying bank accounts
Economic Times · 8m ago
Scammers are sending fake wedding card PDF documents on WhatsApp, which, when opened, download malware onto the recipients' devices. This tactic has been observed during the wedding season in India. The malware attacks are designed to obtain control over the victim's device, allowing the scammers to access their personal and banking information. Cybercrime departments in several states have issued warnings about these malicious documents, urging citizens to install malware-protection apps. The number of cyberattacks in India is increasing, with criminals constantly devising new techniques to defraud individuals.
Microsoft catches Russian hackers targeting foreign embassies
Arstechnica · 7d ago
Microsoft has identified Russian-state hackers targeting foreign embassies in Moscow using custom malware through ISP-level adversary-in-the-middle attacks. The group, known as Secret Blizzard, aims to install the ApolloShadow malware, which deploys a malicious TLS root certificate to impersonate trusted websites. The attack utilizes captive portals to deceive users into executing the malware, allowing hackers to maintain long-term persistence for intelligence collection. Microsoft advises using encrypted tunnels to trusted ISPs for security.
Kremlin-backed hackers exploit critical Windows vulnerability reported by the NSA
Arstechnica · 1y ago
Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks targeting various organizations. The vulnerability, known as CVE-2022-38028, was patched by Microsoft in October 2022, but the company did not disclose that it was actively being exploited. By exploiting the vulnerability, hackers can gain system privileges in Windows. The hackers, known as Forest Blizzard or APT28, have been linked to the Russian military intelligence unit, GRU. They have been using the vulnerability to install a backdoor called GooseEgg, allowing them to install additional malware and carry out various attacks.
Nation-state hackers exploit Cisco firewall 0-days to backdoor government networks
Arstechnica · 1y ago
A state-sponsored hacking group has been targeting government networks worldwide by exploiting two zero-day vulnerabilities in Cisco firewalls, according to researchers. The campaign, which has been ongoing for five months, involves the use of advanced exploit chains and the installation of previously unseen malware. The hackers have shown meticulous attention to covering their tracks, indicating that the attacks are likely motivated by espionage objectives. It is suspected that the group is also targeting other devices besides Cisco's Adaptive Security Appliances firewalls. Cisco has released security updates to address the vulnerabilities and is urging users to install them promptly.
WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April
Arstechnica · 1y ago
A zero-day vulnerability in the popular file compression program WinRAR was exploited by attackers for four months to install malware when victims opened booby-trapped files. The flaw, tracked as CVE-2023-38831, allowed attackers to remotely execute code that installed malware, including DarkMe, GuLoader, and Remcos RAT, leading to financial losses from broker accounts. While the full extent of the damage is unknown, at least 130 individuals have been compromised. WinRAR addressed the vulnerability earlier this month. Users are advised to update to version 6.23 to protect against potential attacks.
Ivanti warns of critical vulnerability in its popular line of endpoint protection software
Arstechnica · 1y ago
Software maker Ivanti has issued a warning to users of its endpoint security product about a critical vulnerability that could allow unauthenticated attackers to execute malicious code within affected networks. The vulnerability, a type of SQL injection, affects all supported versions of the Ivanti Endpoint Manager, which runs on various platforms. The company has released a patch for the vulnerability, but there is currently no evidence of active exploitation. Users are advised to install the patch to mitigate the risk.
As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3
Arstechnica · 1y ago
Mass exploitation of a critical vulnerability in Ivanti's VPN software has begun, as hackers target multiple vulnerabilities in the product. The latest vulnerability, tracked as CVE-2024-21893, is a server-side request forgery. It was discovered alongside another vulnerability that has yet to be exploited. Last week, Ivanti announced that CVE-2024-21893 was under active exploitation, intensifying an already chaotic situation. All vulnerabilities affect Connect Secure and Policy Secure VPN products. The Cybersecurity and Infrastructure Security Agency has ordered all federal agencies to disconnect Ivanti VPNs until they are rebuilt and updated.