Die meisten schaffen es scheinbar nicht die aktuellen kritischen Lücken in Lösungen wie Mobile Iron durch das Installieren von vorhandenen Sicherheitsupdates abzusichern.
Es gibt immer noch ne Menge angreifbarer Ivanti (ehemals Mobile Iron) Sentry’s da draußen 🤷‍♂️🤦‍♂️. Schlafen die Admins?

#vulnerability #ivanti #sentry #sicherheit #it #mobileiron #patches #updates

Wer eine Sentry von Ivanti (ehemals Mobile Iron) im Einsatz hat, sollte dringend die letzten Patches einspielen! Angreifer können aus der Ferne Befehle ausführen.

#mobileiron #ivanti #vulnerability #patch #hacker #exploit #security

#MobileIron: Diebstahl persönlicher Daten von Polizei-Mitarbeitern in der Schweiz | Security https://www.heise.de/news/MobileIron-Diebstahl-persoenlicher-Daten-von-Polizei-Mitarbeitern-in-der-Schweiz-9268426.html #DataLeak #DataBreach #Datenschutz #privacy

Länger nichts von #Ivanti gehört? 🙈

„[…] critical #vulnerability ( #CVE-2023-38035 )enables unauthenticated attackers to gain access to sensitive admin portal configuration APIs exposed over port 8443, used by #MobileIron Configuration Service (MICS).“

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-actively-exploited-mobileiron-zero-day-bug/

https://www.bleepingcomputer.com/news/security/ivanti-discloses-new-critical-auth-bypass-bug-in-mobileiron-core/

Caitlin Condon: „We would consider this a bypass for the fix for CVE-2023-35078, but notably, it only works on unsupported versions of MobileIron Core (11.2 and below). CVE-2023-35082 could be chained with CVE-2023-35081 to allow an attacker write malicious webshell files to the appliance.“

#infosec #mobileiron #vulnerabiliy #ivanti

CISA advisory says the zero day exploitation of #MobileIron was happening from "at least" April 2023 (which backs up from I wrote in my blog - i.e. I can see exploitation in logs going back to early this year).

Threat actors were uploading webshells and such. #threatintel #mobileirony

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a

https://www.spiegel.de/netzwelt/netzpolitik/digitalministerium-von-volker-wissing-diensttelefone-waren-angreifbar-a-0a7af477-3190-4c4c-83a4-dd9b75179d52 German Federal Ministry for Digital and Transport has not patched the critical vulnerability for almost a week, even after warning from the Federal Office of Information Security BSI

#infosec #ivanti #mobileiron

Watching the Ivanti #MobileIron shitshow, "unsurprised" doesn't even begin to describe it. The only surprise is in how long it took to find.
Leadership not only minimizing it, but being outright dishonest with the public and with customers?
Yeah.
Not surprised.

Ivanti schließt Zero-Day-Lücke in #MobileIron | Security https://www.heise.de/news/Ivanti-schliesst-Zero-Day-Luecke-in-MobileIron-9225583.html #Patchday

Now public info from Ivanti: https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US

Ask Ivanti for the IOC PDF and check your mobileiron logs. If the logs cover only a short period of time, check the logs of the backup of your mobileiron systems.

#infosec #ivanti #mobileiron #vulnerability

The #MobileIron zero day saga continues.

The vendor note to customers says the flaw allows the attacker to "make limited changes to the server".

CISA have released a statement saying "An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further changes to a vulnerable system"

#threatintel

https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078

https://www.heise.de/news/Ivanti-schliesst-Zero-Day-Luecke-in-MobileIron-9225583.html

heise.de writes about Ivanti mobileiron core unauthenticated api access CVE-2023-35078 —> patch now

#infosec #mobileiron #vulnerability

⚠️ Regarding the #MobileIron vulnerability ⚠️

Patches are out for 11.8.1.1, 11.9.1.1 and 11.10.0.2. It also applied to unsupported and EOL versions.

It's a serious zero day vulnerability which is very easy to exploit, where Ivanti are trying to hide it for some reason - this will get mass internet swept. I'd strongly recommend upgrading, and if you can get off EOL, switch off the appliance.

We have a winner already - CVE-2023-35078, zero day in #MobileIron aka Ivanti Endpoint Manager Mobile

Exploitation in the wild. #threatintel
https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078

https://www.ivanti.com/blog/epmm-security-concern-with-server-response-leak
Ivanti Endpoint Manager Mobile (formerly known as MobileIron Core)

CVE-2023-25690 CVSS3.1 Score9.8

Afftected version 11.9.0.1 and below

#infosec #vulnerability #mobileiron #ivanti

Any #mobileiron users here? #mdm

#TIL: Neither #MobileIron nor #Okta support #IPv6 on mobile devices, with #TMobile US issuing only IPv6 addresses to mobile devices.

New Version: Ivanti #MobileIron Sentry 9.17.0 (Stable;x86_64) https://bit.ly/3HIM3Tz

Critical MobileIron RCE Flaw Under Active Attack - Attackers are targeting the critical remote code-execution flaw to compromise systems in the healt... https://threatpost.com/critical-mobileiron-rce-flaw-attack/161600/ #localgovernmentsecurity #remotecodeexecution #healthcaresecurity #microsoftwindows #vulnerabilities #cve-2020-15505 #cve-2020-1472 #activeattack #criticalflaw #mobileiron #zerologon #netlogon #exploit #hacks #rce

QR Codes Serve Up a Menu of Security Concerns - QR code usage is soaring in the pandemic -- but malicious versions aren't something that most peop... https://threatpost.com/qr-codes-menu-security-concerns/159275/ #securityconcerns #whatqrcodescando #mobilesecurity #cloudsecurity #touchlessmenu #websecurity #maliciousqr #mobileiron #pandemic #qrcode