CISA warns of new malware targeting Ivanti flaw
Briefly

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a new malware strain, named Resurge, targets vulnerabilities in Ivanti's Connect Secure, Policy Secure, and ZTA Gateway products. The malware exploits a critical stack-overflow bug enabling remote code execution, which was previously used in attacks by the Spawn family of malware. System resets and firmware updates are strongly advised to ensure network security, alongside password resets for all accounts. Failure to act risks significant security breaches.
"For the highest level of confidence, conduct a factory reset," CISA advised in a March 28 update. "For Cloud and Virtual systems, conduct a factory reset using an external known clean image of the device."
Resurge uses elements of Spawn, specifically the Spawn Chimera strain, and creates web shells on infected equipment, allowing the devices to be remotely controlled.
Read at The Register