Today’s Topics:
- New Zero-Day Vulnerabilities Discovered in Ivanti Connect Secure Products
- Telegram’s Data Sharing Post-CEO Arrest Raises Cybersecurity Concerns
- How can Netizen help?
New Zero-Day Vulnerabilities Discovered in Ivanti Connect Secure Products
Ivanti has recently disclosed two severe vulnerabilities affecting its Connect Secure product line, with one already being exploited in the wild. These vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283, pose significant risks, allowing attackers to execute remote code and escalate privileges.
CVE-2025-0282 is a critical stack-based buffer overflow vulnerability with a CVSS score of 9.0. This flaw enables unauthenticated attackers to execute arbitrary code remotely. It impacts Ivanti Connect Secure versions prior to 22.7R2.5, Ivanti Policy Secure versions before 22.7R1.2, and Ivanti Neurons for ZTA Gateways versions before 22.7R2.3. The severity of this vulnerability lies in its remote exploitability, which has already been confirmed in several customer environments.
CVE-2025-0283, rated high with a CVSS score of 7.0, is a similar stack-based buffer overflow vulnerability. However, it requires local authenticated access to escalate privileges. This flaw affects the same product versions as CVE-2025-0282. As of the disclosure, there are no known instances of this vulnerability being exploited.
In response, Ivanti recommends several mitigation steps to ensure security. Customers are urged to upgrade to the latest version, Ivanti Connect Secure 22.7R2.5, as soon as possible. Additionally, using the Integrity Checker Tool (ICT) to monitor for signs of compromise is crucial. Ivanti suggests a factory reset of affected appliances following a clean ICT scan before deploying the new version into production, as an extra layer of caution.
Ivanti Policy Secure is not intended to be internet-facing, which reduces its exposure to these exploits; a patch for this product is scheduled for release on January 21, 2025. Security teams should continue to monitor their environments and ensure all systems are updated to protect against these vulnerabilities.
Telegram’s Data Sharing Post-CEO Arrest Raises Cybersecurity Concerns
Telegram, long renowned for its strong privacy stance, has come under scrutiny after significantly increasing its data sharing with law enforcement following the arrest of its CEO, Pavel Durov. This move signals a critical shift in the platform’s operational approach and raises significant cybersecurity and privacy implications.
In August 2024, French authorities arrested Durov, a dual French and Russian citizen, during an investigation into Telegram’s alleged facilitation of organized crime. The platform had been under fire for its encryption and privacy policies, which critics claimed shielded criminals from detection. After his release, Durov committed to bolstering Telegram’s cooperation with legal authorities by providing user IP addresses and phone numbers for valid legal requests.
Telegram’s enhanced cooperation with law enforcement has sparked concerns about user privacy and the platform’s security commitments. Historically, Telegram has been a go-to platform for those seeking privacy due to its end-to-end encryption and minimal data retention policies. However, this new approach marks a pivot towards greater transparency and cooperation with law enforcement, which could undermine user trust and the perceived security of the platform.
Telegram has implemented a bot that generates brief transparency reports for each country, showing the number of law enforcement data requests and the affected users. This data, aggregated by researchers—including one from Human Rights Watch—reveals a substantial rise in such requests in late 2024. In the U.S., Germany, and France alone, approximately 2,000 users were impacted, with hundreds more in the U.K., Spain, Belgium, and the Netherlands.
This development introduces several cybersecurity challenges:
- Increased Surveillance Risks: Sharing user data with authorities heightens the risk of surveillance and potential misuse of data. It also raises concerns about whether such data might be vulnerable to breaches or unauthorized access once in governmental hands.
- Encryption Integrity: The shift towards data sharing could pressure Telegram to weaken its encryption or create backdoors, which would be a significant cybersecurity concern. Weakening encryption undermines the platform’s ability to protect user communications against cyber threats.
- Trust Erosion: Users who rely on Telegram for secure communication, such as activists, journalists, and privacy advocates, might seek alternative platforms. This could fragment the user base and create challenges for maintaining a robust, secure messaging infrastructure.
- Compliance with Regulatory Frameworks: Telegram’s forthcoming transparency report under the EU’s Digital Services Act (DSA) will be crucial. The DSA seeks to curb illegal activities online while ensuring platforms uphold fundamental rights, including privacy. How Telegram balances these requirements will set a precedent for other encrypted messaging services.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.