Security News > 2023 > August

Ivanti has disclosed a critical vulnerability affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile. "The vulnerability was incidentally resolved in MobileIron Core 11.3 as part of work on a product bug. It had not previously been identified as a vulnerability," noted Ivanti.

Microsoft is warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of live sporting events is "rapidly expanding." "Information on athletic...

Staff at NHS Lanarkshire - which serves over half a million Scottish residents - used WhatsApp to swap photos and personal info about patients, including children's names and addresses. This, the watchdog said, "Demonstrates that information governance expectations regarding WhatsApp were not understood by staff involved in the WhatsApp Group."

A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. "The group most...

Intruders who exploited a critical Ivanti bug to compromise 12 Norwegian government agencies spent at least four months looking around the organizations' systems and stealing data before the intrusion was discovered and stopped. In a joint advisory issued on Tuesday, the US government's Cybersecurity and Infrastructure Security Agency and the Norwegian National Cyber Security Centre detailed the attack, and warned of the "Potential for widespread exploitation" of Ivanti's software in both government and enterprise networks.

Sophos released new findings on CryptoRom scams—a subset of pig butchering schemes designed to trick users of dating apps into making fake cryptocurrency investments. Since May, Sophos X-Ops has...

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. Microsoft said the campaign, observed since at least late May 2023, affected less than 40 organizations globally spanning government, non-government organizations, IT services, technology, discrete manufacturing, and media sectors.

Recently, Google unveiled the creation of a dedicated AI red team. The AI red team closely observes both new adversarial research that is being published, as well as where Google is integrating AI into products.

Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. CNAPPgoat supports AWS, Azure, and GCP platforms for assessing the security capabilities included in Cloud Native Application Protection Platforms.

Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile, prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 and discovered by Rapid7, the issue "Allows unauthenticated attackers to access the API in older unsupported versions of MobileIron Core.".