Jon Greig · @jgreig
106 followers · 553 posts · Server ioc.exchangeIvanti updated its advisory on CVE-2023-35082 to say all versions of Ivanti Endpoint Manager Mobile 11.10, 11.9 and 11.8 and MobileIron Core 11.7 are affected
https://therecord.media/all-ivanti-versions-affected-by-vulnerability-tied-to-norway-attacks
adlerweb // BitBastelei · @adlerweb
655 followers · 4911 posts · Server social.adlerweb.info
Sachtma was machen die bei #Ivanti eigentlich beruflich?
"Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM)"
https://thehackernews.com/2023/08/researchers-discover-bypass-for.html
fthy · @fthy
13 followers · 94 posts · Server mastodon.greenCaitlin Condon: „We would consider this a bypass for the fix for CVE-2023-35078, but notably, it only works on unsupported versions of MobileIron Core (11.2 and below). CVE-2023-35082 could be chained with CVE-2023-35081 to allow an attacker write malicious webshell files to the appliance.“
#infosec #mobileiron #vulnerabiliy #Ivanti
fthy · @fthy
13 followers · 93 posts · Server mastodon.green
https://www.spiegel.de/netzwelt/netzpolitik/digitalministerium-von-volker-wissing-diensttelefone-waren-angreifbar-a-0a7af477-3190-4c4c-83a4-dd9b75179d52 German Federal Ministry for Digital and Transport has not patched the critical vulnerability for almost a week, even after warning from the Federal Office of Information Security BSI
Philipp · @derfopps
108 followers · 1061 posts · Server digitalcourage.social#Digitalministerium gehackt, weil sie ihr #Ivanti nicht aktualisiert haben. Einmal mit Profis …
https://nl-link.sueddeutsche.de/u/nrd.php?p=nUavi6eT5t_35415_3646756_1_19&ems_l=6188398&d=MzUwMDA1Nzc4%7CblVhdmk2ZVQ1dA%3D%3D%7CU1pfYW1fQWJlbmRfMDIwODIz%7C%7C&_esuh=_11_0d9a8f2c0668a93abfacf2cb9d3ae35dd65a3d68681f6310c2faecd0710a697c
Das schönste ist ja, dass wegen des Hackerparagraphen in Kartoffelland #ResponsibleDisclosure nicht möglich ist. Und sich die Hacker_in(en) deswegen an die SZ gewandt hat/haben. Wegen Quellenschutz.^^
#WissingRücktritt wann?
#wissingrucktritt #responsibledisclosure #Ivanti #Digitalministerium
Aida Akl · @AAKL
372 followers · 707 posts · Server noc.socialHow many other organizations have intruders lurking in their systems for months and they don't even know it? We have a problem with detection (or lack of.) #cybersecurity #infosec
US, Norway say threat actors have been exploiting #Ivanti zero-day since April https://techcrunch.com/2023/08/02/ivanti-zero-day-exploit-april-government/ @TechCrunch @carlypage
#Ivanti #infosec #cybersecurity
Jon Greig · @jgreig
102 followers · 536 posts · Server ioc.exchangeHackers began exploiting a new vulnerability in Ivanti products used by Norway's government at least as early as April, according to a new joint advisory from CISA and Norway
#Ivanti #MobileIron CVE-2023-35078 and CVE-2023-35081
Dirk Roebers · @prexclusiv
55 followers · 818 posts · Server nrw.social
#Security #Alert: Patch für den #Ivanti - früher MobileIron - Endpoint Manager Mobile (EPMM). 2.600 angreifbare Instanzen, davon 500 in D. Schwachstellen spielten wohlr Rolle bei den Angriffen norwegische Ministerien. #ITSicherheit #ITSecurity #cybersecurity
#security #alert #Ivanti #itsicherheit #ITSecurity #cybersecurity
Dag · @dagb
141 followers · 1192 posts · Server snabelen.no
fthy · @fthy
11 followers · 88 posts · Server mastodon.greenNow public info from Ivanti: https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
Ask Ivanti for the IOC PDF and check your mobileiron logs. If the logs cover only a short period of time, check the logs of the backup of your mobileiron systems.
#infosec #Ivanti #mobileiron #vulnerability
fthy · @fthy
9 followers · 85 posts · Server mastodon.greenhttps://www.ivanti.com/blog/epmm-security-concern-with-server-response-leak
Ivanti Endpoint Manager Mobile (formerly known as MobileIron Core)
CVE-2023-25690 CVSS3.1 Score9.8
Afftected version 11.9.0.1 and below
#infosec #vulnerability #mobileiron #Ivanti
Referenced link: https://0day.today/exploit/description/38682
Originally posted by 0day Exploit Database 🌴 / @inj3ct0r@twitter.com: https://twitter.com/inj3ct0r/status/1659468168606121984#m
#0day #Ivanti Avalanche FileStoreConfig #ShellUpload #Exploit https://0day.today/exploit/description/38682
#0day #Ivanti #ShellUpload #exploit
dispatch · @dispatch
472 followers · 2723 posts · Server ioc.exchangeMicrosoft Patch Tuesday, October 2020 Edition https://krebsonsecurity.com/2020/10/microsoft-patch-tuesday-october-2020-edition/ #MicrosoftPatchTuesdayOctober2020 #ZeroDayInitiative #FlashPlayerpatch #CVE-2020-16898 #CVE-2020-16947 #DustinChilds #StevePovolny #TimetoPatch #ToddSchell #trendmicro #Ivanti #mcafee
#MicrosoftPatchTuesdayOctober2020 #ZeroDayInitiative #FlashPlayerpatch #CVE #DustinChilds #StevePovolny #TimetoPatch #ToddSchell #trendmicro #Ivanti #mcafee
dispatch · @dispatch
472 followers · 2723 posts · Server ioc.exchangeMicrosoft Patch Tuesday, Sept. 2020 Edition https://krebsonsecurity.com/2020/09/microsoft-patch-tuesday-sept-2020-edition/ #MicrosoftPatchTuesdaySeptember2020 #MicrosoftExchangeServer #MicrosoftSharepoint #ZeroDayInitiative #CVE-2020-16875 #RecordedFuture #SecurityTools #CVE-2020-1210 #DustinChilds #TimetoPatch #ToddSchell #AlanLiska #Tenable #Ivanti
#MicrosoftPatchTuesdaySeptember2020 #MicrosoftExchangeServer #MicrosoftSharepoint #ZeroDayInitiative #CVE #RecordedFuture #SecurityTools #DustinChilds #TimetoPatch #ToddSchell #AlanLiska #Tenable #Ivanti
dispatch · @dispatch
472 followers · 2723 posts · Server ioc.exchangeMicrosoft Patch Tuesday, May 2020 Edition https://krebsonsecurity.com/2020/05/microsoft-patch-tuesday-may-2020-edition/ #LatestWarnings #CVE-2020-1054 #CVE-2020-1117 #CVE-2020-1126 #CVE-2020-1135 #CVE-2020-1143 #adobeacrobat #SatnamNarang #TimetoPatch #adobereader #FlashPlayer #ToddSchell #Tenable #Ivanti
#LatestWarnings #CVE #adobeacrobat #SatnamNarang #TimetoPatch #AdobeReader #FlashPlayer #ToddSchell #Tenable #Ivanti