• 6 DAYS AGO
  • EPISODE 9.3K
  • 6 MIN

ISC StormCast for Thursday, January 9th, 2025

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

In this episode, we discuss critical vulnerabilities in Ivanti Connect Secure and Policy Secure, command injection risks in Aviatrix Network Controllers, and the risks posed by hijacked abandoned backdoors.
Episode Links and Topics:
More Governments Backdoors in Your Backdoors
https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/
Researchers reveal how expired domains linked to abandoned backdoors can be hijacked, exposing systems to further compromise.
Security Update: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways
https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
Ivanti addresses critical vulnerabilities (CVE-2025-0282, CVE-2025-0283) in their secure gateway products, with active exploitation in the wild.
CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
A command injection vulnerability in Aviatrix Network Controllers allows unauthenticated code execution, posing severe risks to network environments.

Episode Webpage

Information

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada