#IvantiVPN

2024-02-15

I KNEW IT! Ivanti Connect Secure VPN does use Python, specifically Python 2.6.6. Eclypsium also found a giant logic hole in Ivanti's Integrity Checker Tool, which is written in Python.
techtarget.com/searchsecurity/
#ivanti #IvantiVPN #python

2024-02-09

Many InfoSec professionals seem to be awkwardly ignoring that the Ivanti Connect Secure license attribution document lists a lot of Python modules, some of which are typically used in webapps (ex: noirbizarre/flask-restplus). InfoSec has a strong bias towards Python (and Go), but unfortunately you can write vulnerabilities in any programming language (because they are Turing Complete). It's never fun when it's your favorite programming language that's under the microscope.
help.ivanti.com/ps/help/en_US/
#ivanti #ivantivpn #infosec #pythonhegemony

2024-02-09

@GossiTheDog note the attribution license doc mentions a bunch of Python modules, some frontend and some backend. noirbizarre/flask-restplus, rptlab/reportlab (PDF gen library), scikit-learn/scikit-learn (Python machine learning library using SciPy). Python is probably on there somewhere.
help.ivanti.com/ps/help/en_US/
#ivanti #ivantivpn

🛡 H3lium@infosec.exchange/:~# H3liumb0y@infosec.exchange
2024-01-16

"🚨 Ivanti VPN Zero-Day Exploits Unleash Global Cyber Onslaught 🚨"

🔒 Two zero-day vulnerabilities in Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are facing mass exploitation. Discovered by Volexity, the CVE-2023-46805 and CVE-2024-21887 vulnerabilities enable widespread attacks, impacting businesses of all sizes worldwide, including Fortune 500 companies. The GIFTEDVISITOR webshell variant is used to backdoor systems, indicating a serious threat level.

Ivanti hasn't released patches yet. Administrators are advised to apply vendor-provided mitigation measures and use Ivanti's Integrity Checker Tool. All data on compromised ICS VPN appliances should be considered at risk. Amid these attacks, suspected Chinese state-backed actors (UTA0178 or UNC5221) are notably active, with Mandiant identifying five custom malware strains targeting breached systems.

These include Zipline Passive Backdoor, Thinspool Dropper, Wirefire and Lightwire web shells, Warpwire harvester, PySoxy tunneler, BusyBox, and Thinspool utility. Particularly alarming is Zipline, which intercepts network traffic and supports various malicious activities.

Stay vigilant and prioritize immediate protective actions!

🔗 Source: BleepingComputer - Sergiu Gatlan

Tags: #CyberSecurity #ZeroDay #IvantiVPN #CVE202346805 #CVE202421887 #APT #UTA0178 #UNC5221 #Malware #Webshell #Volexity #Mandiant #NetworkSecurity #InfoSec🛡️🌍👾
