13.01.25 Threat Report

Critical Vulnerability in Ivanti Connect Secure Appliances

CVE ID: CVE-2025-0282

Security researchers have uncovered a critical remote code execution (RCE) vulnerability in Ivanti’s Connect Secure VPN appliances—a popular solution for secure remote access. Attackers exploiting this flaw can remotely execute arbitrary code without needing valid credentials. This vulnerability has been actively exploited in the wild, with over 2,000 vulnerable instances globally—many located within the United States and Europe.

‍

This vulnerability could allow adversaries to take full control of the affected appliance, exfiltrate sensitive data, deploy additional malware, or create a persistent foothold within the network.

‍
Compromised VPN appliances can result in unauthorised access to internal systems, bypassing perimeter defences. This type of attack is particularly concerning for organisations with remote workforces or those handling sensitive healthcare or financial data.

‍

Recommendation:

• Immediately apply the latest security patches provided by Ivanti.
• Consider a factory reset to remove any malicious implants from compromised devices.
• Implement enhanced monitoring of VPN access logs to detect unusual activities.
• Use network segmentation to limit access to sensitive internal systems.

‍

Malware Targets macOS Users

A new variant of the Banshee malware has been discovered targeting macOS systems. Unlike previous iterations, this strain bypasses Apple’s XProtect antivirus technology, making it harder to detect. Once installed, Banshee can steal credentials, sensitive files, financial data, and even record keystrokes.

‍

The malware is believed to be distributed via phishing emails that contain malicious attachments or links. Once a user downloads and opens the file, the malware is installed and silently operates in the background.

With over 100 million macOS devices potentially at risk, the Banshee malware highlights the growing focus of threat actors on Apple users, who have traditionally been perceived as more secure than their Windows counterparts.

‍

Recommendation:

• Update macOS to the latest version to ensure all security patches are applied.
• Install reputable endpoint protection software that offers behavioural analysis to detect malware even when it bypasses antivirus signatures.
• Avoid downloading files from untrusted sources or clicking on suspicious links.
• Educate employees on phishing risks and safe email practices.

‍

WordPress E-commerce Sites Targeted by Credit Card Skimmer

A sophisticated credit card skimmer has been discovered targeting WordPress-based e-commerce sites. Unlike traditional skimming methods, this malware injects malicious JavaScript directly into database tables, enabling it to evade typical detection mechanisms such as file integrity scans.

‍

The malware activates during the checkout process, allowing it to capture payment information in real-time. It’s believed that attackers are exploiting outdated plugins and themes to gain initial access.

Affected sites may unknowingly compromise customer data, leading to financial fraud and repetitional damage. Payment processors and regulatory authorities may also impose fines for failing to secure sensitive payment information.

Recommendation:

• Conduct frequent security audits of WordPress sites and review database integrity.
• Regularly update plugins, themes, and the WordPress core to their latest versions.
• Implement web application firewalls (WAFs) to detect and block malicious traffic.
• Use two-factor authentication (2FA) for admin logins to prevent unauthorised access.

‍

Robot Vacuum Cleaners Hacked to Spy on and Harass Owners

‍

In a series of alarming incidents, Ecovacs Deebot X2 robot vacuum cleaners were compromised by hackers, allowing unauthorised access to their live camera feeds and control systems. Attackers used these capabilities to spy on users and, in some cases, broadcast offensive language through the devices' speakers. One notable case involved a Minnesota lawyer who reported his vacuum shouting racial slurs at his family.

‍
These breaches highlight significant security vulnerabilities in IoT devices, particularly those equipped with cameras and microphones. Unauthorised access to such devices can lead to severe privacy invasions, harassment, and unauthorised surveillance within private homes.

‍

Recommendation:

• Update Firmware: Ensure that your robot vacuum's firmware is up-to-date to mitigate known vulnerabilities.
• Secure Network: Connect IoT devices to a separate, secured network to limit potential access points for attackers.
• Strong Authentication: Use strong, unique passwords for device accounts and enable two-factor authentication if available.
• Monitor Device Activity: Regularly review device logs and be alert to unusual behaviour, such as unexpected movements or unauthorised access notifications.

‍