Ivanti is under fire again, as The Register reports on two new vulnerabilities, one of which was already being exploited as a zero-day.
It's been less than a year since the last high-profile security incident involving Ivanti, and now, two new flaws need to be patched -- and fast. The Register says:
- CVE-2025-0282 (9.0 severity – critical): The worst of the two vulnerabilities is a stack-based buffer overflow bug leading to unauthenticated remote code execution. This vuln was already exploited, affecting Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3.
- CVE-2025-0283 (7.0 severity – high): The less-serious-but-still-pretty-serious vuln is another stack-based buffer overflow leading to privilege escalation for locally authenticated attackers. The same products and versions are affected, according to the report.
The two issues aren't believed to be chained in the attacks; Ivanti said CVE-2025-0282 is the exploited zero-day, and they just happened to find CVE-2025-0283 during the threat-hunting phase and decided to include it in the advisory.
Connect Secure and Policy Secure, closely followed by ZTA Gateways – the subjects of last year's infamous flaws – are again involved here. Be careful out there!
Now, here's today's MSSP update. Drop me a line at [email protected] if you have news to share or want to say hi!
Today's MSSP Update
1. Cofense names new CEO: Phishing defense firm Cofense announced the appointment of Marc Olesen as its new CEO. Olesen is a seasoned executive with over 30 years of experience, and most recently served as the CEO at TokenEx, where he oversaw its merger with IXOPAY. During his tenure as president and CEO at Sift, he led the emergence of a new market category for Digital Trust & Safety. Previously, Olesen held senior leadership roles at Splunk and McAfee. Congratulations!
2. YL Ventures annual report: YL Ventures, a global venture capital firm specializing in early-stage investing in Israeli cybersecurity startups, released its State of the Cyber Nation Report 2024. This year's analysis showed total investments reaching $4B across 89 funding rounds—more than double the $1.89B raised in 2023—in the Israeli cybersecurity market.
3. Quorum Cyber acquires Kivu Consulting: Quorum Cyber – headquartered in the U.K., with offices across North America – today announced the acquisition of Kivu Consulting Inc., a leading global cybersecurity firm specializing in incident response. The strategic move bolsters Quorum Cyber’s global presence and builds on its momentum after it acquired Difenda, a North American company specializing in Microsoft Security Managed Services, in September 2024.
4. Radiant Logic names new CEO: Identity security posture management company Radiant Logic has named Dr. John Pritchard as its new CEO, effective immediately. Pritchard succeeds Joe Sander, who led the company for four years and will join the company's board of directors. Pritchard has an extensive background in technology innovation and will lead Radiant Logic into its next phase of strategic expansion and market leadership, the company said.
5. UN civil aviation agency confirms data breach: The United Nations' International Civil Aviation Organization (ICAO) has corroborated threat actor natohub's claimed theft of 42,000 user data records from the Montreal-based agency's recruitment database, according to The Register. Unauthorized access to the database prompted the exfiltration of recruitment-related information from April 2016 to July 2024, including applicants' names, birthdates, email addresses, and employment history, but not their financial details, passports, credentials, or uploaded documents, said an ICAO spokesperson, who noted that none of the agency's other systems have been impacted by the incident.