Security News

Ivanti has disclosed a critical vulnerability affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile. "The vulnerability was incidentally resolved in MobileIron Core 11.3 as part of work on a product bug. It had not previously been identified as a vulnerability," noted Ivanti.

Intruders who exploited a critical Ivanti bug to compromise 12 Norwegian government agencies spent at least four months looking around the organizations' systems and stealing data before the intrusion was discovered and stopped. In a joint advisory issued on Tuesday, the US government's Cybersecurity and Infrastructure Security Agency and the Norwegian National Cyber Security Centre detailed the attack, and warned of the "Potential for widespread exploitation" of Ivanti's software in both government and enterprise networks.

Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile, prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 and discovered by Rapid7, the issue "Allows unauthenticated attackers to access the API in older unsupported versions of MobileIron Core.".

IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software. "MobileIron Core 11.2 has been out of support since March 15, 2022. Therefore, Ivanti will not be issuing a patch or any other remediations to address this vulnerability in 11.2 or earlier versions. Upgrading to the latest version of Ivanti Endpoint Manager Mobile is the best way to protect your environment from threats," the company said.

Advanced persistent threat actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The exact identity or origin of the threat actor remains unclear.

The U.S. Cybersecurity and Infrastructure Security Agency warned today of state hackers exploiting two flaws in Ivanti's Endpoint Manager Mobile, formerly MobileIron Core. "Mobile device management systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability," CISA said on Tuesday.

Another actively exploited zero-day vulnerability affecting Ivanti Endpoint Manager Mobile has been identified and fixed.Last week, we reported on a remote unauthenticated API access vulnerability affecting Ivanti EPMM having been exploited to target Norwegian ministries.

Key factors for effective security automationIn this Help Net Security interview, Oliver Rochford, Chief Futurist at Tenzir, discusses how automation can be strategically integrated with human expertise, the challenges in ensuring data integrity, and the considerations when automating advanced tasks. MikroTik vulnerability could be used to hijack 900,000 routersA privilege escalation vulnerability could allow attackers to commandeer up to 900,000 MikroTik routers, says VulnCheck researcher Jacob Baines.

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile, formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. "This vulnerability can be used in conjunction with CVE-2023-35078, bypassing administrator authentication and ACLs restrictions."

Ivanti released security patches for the path traversal flaw tracked as CVE-2023-35081 today and warned customers that it's "Critical" to upgrade as soon as possible to secure vulnerable appliances against attacks. In light of this, admins and security teams should immediately upgrade their Ivanti EPMM installations to the latest version to protect them from potential attacks.