Security News

Two weeks ago, we urged Apple users with recent hardware to grab the company's second-ever Rapid Response patch. CVE-2023-37450: an anonymous researcher The next-best thing to zero-click attacks Technically, code execution bugs that can be triggered by getting you to look at a web page that contains booby-trapped content don't count as so-called zero-click attacks.

A zero-day vulnerability affecting Ivanti Endpoint Manager Mobile has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority has confirmed on Tuesday. On Monday, the Norwegian government said that the attack was detected on the ICT platform used by the 12 ministries, though it did not name the platform at the time.

Apple has patched an exploited zero-day kernel vulnerability in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported. In early July, Apple fixed an actively exploited zero-day vulnerability in WebKit.

The Norwegian National Security Authority has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile solution to breach a software platform used by 12 ministries in the country. The Norwegian National Cyber ​​Security Center also notified all known MobileIron Core customers in Norway about the existence of a security update to address this actively exploited zero-day bug.

Ivanti is warning users to update their Endpoint Manager Mobile mobile device management software to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access vulnerability that impacts currently supported version 11.4 releases 11.10, 11.9, and 11.8 as well as older releases.

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1," the tech giant noted in its advisory.

Ivanti released security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078 on Sunday. While Ivanti has published a security advisory to provide details on the security vulnerability, the information is being blocked by a login, given that the article can only be accessed with an account linked to Ivanti customer information.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

The Norwegian government is warning that its ICT platform used by 12 ministries has suffered a cyberattack after hackers exploited a zero-day vulnerability in third-party software. The Norwegian Security and Service Organization informed the National Security Authority when the cyberattack was discovered and engaged the police, who are currently investigating the incident.

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. "For instance, misconfigured Custom Actions running as NT AUTHORITYSYSTEM can be exploited by attackers to execute local privilege escalation attacks."