Die meisten schaffen es scheinbar nicht die aktuellen kritischen Lücken in Lösungen wie Mobile Iron durch das Installieren von vorhandenen Sicherheitsupdates abzusichern.
Es gibt immer noch ne Menge angreifbarer Ivanti (ehemals Mobile Iron) Sentry’s da draußen 🤷‍♂️🤦‍♂️. Schlafen die Admins?

#vulnerability #ivanti #sentry #sicherheit #it #mobileiron #patches #updates

Wer eine Sentry von Ivanti (ehemals Mobile Iron) im Einsatz hat, sollte dringend die letzten Patches einspielen! Angreifer können aus der Ferne Befehle ausführen.

#mobileiron #ivanti #vulnerability #patch #hacker #exploit #security

SecurityWeek: Exploitation of Ivanti Sentry Zero-Day Confirmed https://www.securityweek.com/exploitation-of-ivanti-sentry-zero-day-confirmed/ #Vulnerabilities #exploited #Featured #Zero-Day #Ivanti

TechcrunchSecurity: Ivanti warns customers another zero-day is under active attack https://techcrunch.com/2023/08/22/ivanti-warns-customers-another-zero-day-is-under-active-attack/ #cybersecurity #vulnerability #zero-dayflaw #Security #ivanti

#Ivanti Sentry is facing a new critical zero-day flaw (CVE-2023-38035), actively exploited in the wild. If you use Ivanti, time to patch up!

https://thehackernews.com/2023/08/ivanti-warns-of-critical-zero-day-flaw.html

#cybersecurity #informationsecurity

TechcrunchSecurity: Ivanti warns customers another zero-day is under active attack https://techcrunch.com/2023/08/22/ivanti-warns-customers-another-zero-day-is-under-active-attack/ #cybersecurity #vulnerability #zero-dayflaw #Security #ivanti

TechcrunchSecurity: Ivanti warns customers another zero-day is under active attack https://techcrunch.com/2023/08/22/ivanti-warns-customers-another-zero-day-is-under-active-attack/ #cybersecurity #vulnerability #zero-dayflaw #Security #ivanti

"A vulnerability has been discovered in Ivanti Sentry, formerly MobileIron Sentry. We have reported this as CVE-2023-38035. This vulnerability impacts all supported versions – Versions 9.18. 9.17 and 9.16. Older versions/releases are also at risk. This vulnerability does not affect other Ivanti products or solutions, such as Ivanti EPMM, MobileIron Cloud or Ivanti Neurons for MDM."

https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry

#ivanti #vulnerability #infosec

SecurityOnline: CVE-2023-38035: Ivanti Sentry API Authentication Bypass Vulnerability Being Exploited in the Wild https://securityonline.info/cve-2023-38035-ivanti-sentry-api-authentication-bypass-vulnerability-being-exploited-in-the-wild/ #CVE-2023-38035 #Vulnerability #Ivanti

Länger nichts von #Ivanti gehört? 🙈

„[…] critical #vulnerability ( #CVE-2023-38035 )enables unauthenticated attackers to gain access to sensitive admin portal configuration APIs exposed over port 8443, used by #MobileIron Configuration Service (MICS).“

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-actively-exploited-mobileiron-zero-day-bug/

SecurityOnline: CVE-2023-38035: Ivanti Sentry API Authentication Bypass Vulnerability Being Exploited in the Wild https://securityonline.info/cve-2023-38035-ivanti-sentry-api-authentication-bypass-vulnerability-being-exploited-in-the-wild/ #CVE-2023-38035 #Vulnerability #Ivanti

Vielfältige Attacken auf #Ivanti Enterprise Mobility Management möglich | Security https://www.heise.de/news/Vielfaeltige-Attacken-auf-Ivanti-Enterprise-Mobility-Management-moeglich-9245340.html #Patchday

SecurityWeek: Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution https://www.securityweek.com/ivanti-patches-critical-vulnerability-in-avalanche-enterprise-mdm-solution/ #Vulnerabilities #Ivanti

❗️#CERTWarnung❗️
In #Ivanti EPMM wurde erneut eine #Schwachstelle gefunden. CVE-2023-35082 ermöglicht es Angreifenden u.a. persönliche Daten auf mobilen Endgeräten abzugreifen. Es steht ein Skript zur Mitigation bereit. https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-257569-1032

SecurityWeek: Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed https://www.securityweek.com/exploitation-of-ivanti-epmm-flaw-picking-up-as-new-vulnerability-is-disclosed/ #Vulnerabilities #vulnerability #Ivanti

Zum verwundbaren #Ivanti Mobile Device Management im #Digitalministerium: Neben 2 Ministerien waren auch 2 Landespolizeien (Bremen, Hessen) betroffen. CERT Nord, CERT Bund und Hessen3C CyberCompetenceCenter (lol) hatten wir am Samstag informiert. CERTs Nord und Bund haben am Montag kurz vor 9 Uhr geantwortet. Keine Rückmeldung gab es aus Hessen. Alle von uns gemeldeten Systeme sind gepatcht oder nicht mehr erreichbar.

Zum verwundbaren #Ivanti Mobile Device Management im #Digitalministerium: Neben 2 Ministerien waren auch 2 Landespolizeien (Bremen, Hessen) betroffen. CERT Nord, CERT Bund und Hessen3C CyberCompetenceCenter (lol) hatten wir am Samstag informiert. CERTs Nord und Bund haben reagiert (danke, gerne wieder). Keine Rückmeldung gab es aus Hessen. Alle von uns gemeldeten Systeme sind gepatcht oder nicht mehr erreichbar.

SecurityOnline: CVE-2023-35082: Critical Security Vulnerability in MobileIron Core https://securityonline.info/cve-2023-35082-critical-security-vulnerability-in-mobileiron-core/ #CVE-2023-35082 #MobileIronCore #Vulnerability #Ivanti

TechcrunchSecurity: US, Norway say hackers have been exploiting Ivanti zero-day since April https://techcrunch.com/2023/08/02/ivanti-zero-day-exploit-april-government/ #cybersecurity #usgovernment #Zero-days #Security #ivanti #CISA

TechcrunchSecurity: US, Norway say hackers have been exploiting Ivanti zero-day since April https://techcrunch.com/2023/08/02/ivanti-zero-day-exploit-apri-government/ #cybersecurity #usgovernment #Zero-days #Security #ivanti #CISA