SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation

SANS ISC Handlers

News, Tech News


🗓️ 23 September 2025

⏱️ 5 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation

Transcript


0:00.0

Hello and welcome to the Tuesday, September 23rd, 2025 edition of the SANS Internet Storm Center's Stormcast.

0:12.5

My name is Johannes Ullrich, recording today from Las Vegas, Nevada.

0:17.8

And this episode is brought to you by the sans.edu graduate certificate program in

0:22.4

cybersecurity leadership. CISA, the Cybersecurity and Infrastructure Security Agency, has

0:30.4

published a report with details regarding two organizations that were recently compromised

0:37.2

via a vulnerability in Ivanti's Endpoint Manager Mobile, or Ivanti EPMM.

0:45.0

The vulnerabilities were exploited in order to install a backdoor on these systems.

0:50.5

That was essentially the persistence mechanism being used by these attackers. And the end

0:55.7

effect was that the attacker was able to execute arbitrary commands on affected systems. There's, of course,

1:04.0

always a chance that they hit additional systems that didn't report samples to CISA; that's very likely.

1:12.5

Also, CISA did publish a number of indicators of compromise, like URLs, for example,

1:18.4

hit in order to take advantage of the vulnerability,

1:21.6

and also additional analysis of the backdoor that was found on these systems. The vulnerabilities that were

1:29.6

exploited here were patched in May, so something you should have probably taken care of by now,

1:34.6

but if you haven't, well, this is probably your very last chance. And if you find unpatched

1:40.0

systems, absolutely make sure they have not already been compromised. And LastPass is reporting

1:48.4

that they have seen a large number of fake GitHub repositories that are distributing malware.

1:56.3

Now, the reason LastPass came across them is that this particular wave of fake GitHub

2:03.3

repositories is also impersonating LastPass in addition to a number of other software

2:09.9

vendors. In the list I noticed 1Password, for example; also DaVinci Resolve was being impersonated. Many of these GitHub repositories claim that they have premium or paid versions of that product for free to download.

2:27.8

And they're in particular targeting MacBooks.

2:31.1

Now what the user actually ends up with when they're installing this particular

...
