Security News

Ivanti plugs critical bug – but not before it was used against Norwegian government

2023-07-26 06:27

A critical security flaw in Ivanti's mobile endpoint management code was exploited and used to compromise 12 Norwegian government agencies before the vendor plugged the hole. On Monday, the US government's Cybersecurity and Infrastructure Security Agency added CVE-2023-35078 to its Known Exploited Vulnerabilities Catalog that should be urgently patched.

#critical #ivanti #norwegian #CVE-2023-35078

CISA warns govt agencies to patch Ivanti bug exploited in attacks

2023-07-25 20:41

Ivanti has also confirmed that the bug is actively exploited in attacks and warned customers that it's critical to "Immediately take action" to ensure their systems are fully protected. U.S. Federal Civilian Executive Branch Agencies have a three-week deadline, until August 15th, to secure their devices against attacks targeting the CVE-2023-35078 flaw, which was added to CISA's list of Known Exploited Vulnerabilities on Tuesday.

#attack #cisa #ivanti #patch #CVE-2023-35078

Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)

2023-07-25 10:20

A zero-day vulnerability affecting Ivanti Endpoint Manager Mobile has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority has confirmed on Tuesday. On Monday, the Norwegian government said that the attack was detected on the ICT platform used by the 12 ministries, though it did not name the platform at the time.

#ivanti #norwegian #zeroday #CVE-2023-35078

Norway says Ivanti zero-day was used to hack govt IT systems

2023-07-25 06:42

The Norwegian National Security Authority has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile solution to breach a software platform used by 12 ministries in the country. The Norwegian National Cyber Security Center also notified all known MobileIron Core customers in Norway about the existence of a security update to address this actively exploited zero-day bug.

#hack #ivanti #norway #zeroday

Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation

2023-07-25 03:51

Ivanti is warning users to update their Endpoint Manager Mobile mobile device management software to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access vulnerability that impacts currently supported version 11.4 releases 11.10, 11.9, and 11.8 as well as older releases.

#exploitation #ivanti #patch #vulnerability #zeroday #CVE-2023-35078

Ivanti patches MobileIron zero-day bug exploited in attacks

2023-07-24 20:05

Ivanti released security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078 on Sunday. While Ivanti has published a security advisory to provide details on the security vulnerability, the information is being blocked by a login, given that the article can only be accessed with an account linked to Ivanti customer information.

#attack #ivanti #mobileiron #zeroday #CVE-2023-35078

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}