Ivanti has issued patches for a zero-day authentication bypass flaw in its Endpoint Manager Mobile (EPMM) device management software, previously known as MobileIron Core. Threat actors have already actively exploited the flaw, BleepingComputer reports.
The flaw, tracked as CVE-2023-35078, affects Ivanti EPMM versions 11.10, 11.9, and 11.8, as well as other older releases. It could be leveraged to facilitate the compromise of personally identifiable information and the implementation of server changes, according to a private bulletin by Ivanti, which noted that fewer than 10 of its customers have been affected by the exploitation but dismissed the presence of a supply chain attack.
On the other hand, more than 2,900 MobileIron user portals were discovered in a Shodan search to be accessible online, most of which are in the U.S., Germany, the U.K., and Hong Kong. U.S. state and local government agencies were also discovered to account for 36 of the exposed servers.
Actively exploited Ivanti Endpoint Manager Mobile zero-day addressed