Security News

Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile, prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 and discovered by Rapid7, the issue "Allows unauthenticated attackers to access the API in older unsupported versions of MobileIron Core.".

IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software. "MobileIron Core 11.2 has been out of support since March 15, 2022. Therefore, Ivanti will not be issuing a patch or any other remediations to address this vulnerability in 11.2 or earlier versions. Upgrading to the latest version of Ivanti Endpoint Manager Mobile is the best way to protect your environment from threats," the company said.

Advanced persistent threat actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The exact identity or origin of the threat actor remains unclear.

The U.S. Cybersecurity and Infrastructure Security Agency warned today of state hackers exploiting two flaws in Ivanti's Endpoint Manager Mobile, formerly MobileIron Core. "Mobile device management systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices, and APT actors have exploited a previous MobileIron vulnerability," CISA said on Tuesday.

Another actively exploited zero-day vulnerability affecting Ivanti Endpoint Manager Mobile has been identified and fixed.Last week, we reported on a remote unauthenticated API access vulnerability affecting Ivanti EPMM having been exploited to target Norwegian ministries.

Key factors for effective security automationIn this Help Net Security interview, Oliver Rochford, Chief Futurist at Tenzir, discusses how automation can be strategically integrated with human expertise, the challenges in ensuring data integrity, and the considerations when automating advanced tasks. MikroTik vulnerability could be used to hijack 900,000 routersA privilege escalation vulnerability could allow attackers to commandeer up to 900,000 MikroTik routers, says VulnCheck researcher Jacob Baines.

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile, formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. "This vulnerability can be used in conjunction with CVE-2023-35078, bypassing administrator authentication and ACLs restrictions."

Ivanti released security patches for the path traversal flaw tracked as CVE-2023-35081 today and warned customers that it's "Critical" to upgrade as soon as possible to secure vulnerable appliances against attacks. In light of this, admins and security teams should immediately upgrade their Ivanti EPMM installations to the latest version to protect them from potential attacks.

A critical security flaw in Ivanti's mobile endpoint management code was exploited and used to compromise 12 Norwegian government agencies before the vendor plugged the hole. On Monday, the US government's Cybersecurity and Infrastructure Security Agency added CVE-2023-35078 to its Known Exploited Vulnerabilities Catalog that should be urgently patched.

Ivanti has also confirmed that the bug is actively exploited in attacks and warned customers that it's critical to "Immediately take action" to ensure their systems are fully protected. U.S. Federal Civilian Executive Branch Agencies have a three-week deadline, until August 15th, to secure their devices against attacks targeting the CVE-2023-35078 flaw, which was added to CISA's list of Known Exploited Vulnerabilities on Tuesday.