The Norwegian National Security Authority (NSM) claimed that the threat actors who breached the software platform utilised by 12 ministries in their country had exploited the Ivanti flaw. Based on reports, the exploited flaw is a zero-day in the software’s Endpoint Manager Mobile solution.
The security authority confirming the attack also notified the Norwegian Data Protection Authority (DPA) about the incident. This detail indicates that the attackers could have acquired initial access to the compromised system, which led to the data breach incident and, possibly, data exfiltration.
NSM explained that the newly discovered vulnerability is a unique bug in Norway. Therefore, if they had released the information about the zero-day flaw, they could have contributed to the malicious actions of the attackers in other parts of the country or the world.
Furthermore, the NSM notified all confirmed MobileIron Core customers within the country about a new security update addressing the actively exploited Ivanti zero-day. The vulnerability is tracked as CVE-2023-35078.
The Norwegian National Cyber Security Center (NCSC) also notified all known MobileIron Core customers in Norway about the existence of a security update to address this actively exploited zero-day bug (tracked as CVE-2023-35078).
Therefore, the NCSC encourages the system owners to adopt the newly disseminated security updates to prevent incoming attacks that would exploit the flaw.
The Ivanti flaw is an authentication bypass bug that affects all supported versions of EPMM.
The Ivanti flaw is a security vulnerability that could bypass authentication and affect all supported versions of Ivanti’s Endpoint Manager Mobile (EPMM) mobile device management software.
Successful exploitation of the bug could enable remote attackers to reach specific API paths without authentication. From there, an attacker could make configuration changes, such as creating EPMM administrator accounts, which could then be used to alter the vulnerable system further.
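Because the article describes attackers creating EPMM administrator accounts after bypassing authentication, one practical defensive check is to compare the administrator accounts present on an EPMM server against the list an operator has approved. The following is an added example, not code from the article or from Ivanti: it assumes a hypothetical JSON account export with `username`, `roles` and `created` fields (the real export format is not described on the page), and the sample data is constructed for illustration.

```python
"""Hypothetical audit for unexpected EPMM administrator accounts.

Added example, not Ivanti's code and not from the article. The JSON
layout, field names and all sample records below are assumptions.
"""
import json
from datetime import datetime, timezone

# Constructed baseline: administrator accounts the operator has approved.
APPROVED_ADMINS = {"mdm-admin", "helpdesk-lead"}

# Constructed account export in the assumed JSON layout.
ACCOUNT_EXPORT = json.dumps([
    {"username": "mdm-admin", "roles": ["admin"], "created": "2023-01-10T09:00:00Z"},
    {"username": "helpdesk-lead", "roles": ["admin"], "created": "2023-02-02T11:30:00Z"},
    {"username": "svc-backup", "roles": ["user"], "created": "2023-03-15T08:00:00Z"},
    {"username": "support1", "roles": ["admin"], "created": "2023-07-20T03:12:44Z"},
])


def parse_export(raw_json):
    """Parse the assumed export format into a list of account dicts."""
    accounts = json.loads(raw_json)
    for acct in accounts:
        # Normalise the timestamp so callers can compare against a cut-off.
        acct["created_at"] = datetime.strptime(
            acct["created"], "%Y-%m-%dT%H:%M:%SZ"
        ).replace(tzinfo=timezone.utc)
    return accounts


def find_unexpected_admins(raw_json, approved, since=None):
    """Return usernames holding the admin role that are not in `approved`.

    If `since` (a timezone-aware datetime) is given, only accounts created
    at or after that moment are reported, which narrows the result to a
    suspected exploitation window.
    """
    flagged = []
    for acct in parse_export(raw_json):
        if "admin" not in acct["roles"]:
            continue
        if acct["username"] in approved:
            continue
        if since is not None and acct["created_at"] < since:
            continue
        flagged.append(acct["username"])
    return sorted(flagged)


if __name__ == "__main__":
    window = datetime(2023, 7, 1, tzinfo=timezone.utc)
    for name in find_unexpected_admins(ACCOUNT_EXPORT, APPROVED_ADMINS, since=window):
        print(f"unapproved admin account created in window: {name}")
```

Any account this reports should be treated as an incident indicator rather than silently removed: preserve the export and server logs first, since the account's creation time helps bound when the unauthenticated API access occurred.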
The Norwegian company admitted that the zero-day flaw has been exploited in recent months. Customers should therefore act immediately and apply the updates to remain protected. Lastly, most exposed servers are in the United States, Germany, Hong Kong, and the United Kingdom.