Tag: Ivanti

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

The China-nexus cyber espionage actor connected to the zero-day exploitation of security weaknesses in Fortinet, Ivanti, and VMware devices has been observed using multiple persistence strategies to keep unrestricted access to compromised environments. According to a recent analysis from Mandiant researchers, the persistence techniques spanned network devices, hypervisors, and virtual machines, ensuring that alternate channels remained accessible even if the primary layer was identified and removed. The threat actor in question is UNC3886, which the Google-owned threat intelligence firm described as "sophisticated, cautious, and evasive." The adversary's attacks have taken advantage of zero-day vulnerabilities including CVE-2022-41328 (Fortinet Forti...
Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Ivanti has addressed a serious remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that may have allowed unauthorized attackers to take control of enrolled devices or the core server. Ivanti EPM facilitates the management of client devices on a variety of operating systems, including Windows, macOS, Chrome OS, and Internet of Things (IoT) systems. The security weakness, tracked as CVE-2023-39366, affects all supported Ivanti EPM versions and has been fixed in version 2022 Service Update 5. Attackers who have access to the internal network can exploit it in low-complexity attacks that don't require privileges or user interaction.
Ivanti Warns of Critical Zero Day Flaw Being Actively Exploited in Sentry Software

The security problems facing Ivanti, a provider of software services, have become worse. The company has discovered a new serious zero-day vulnerability that affects Ivanti Sentry (previously MobileIron Sentry) and is being actively exploited in the wild. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue is an authentication bypass affecting versions 9.18 and earlier, and is attributed to an insufficiently restrictive Apache HTTPD configuration. According to the company, if this vulnerability is exploited, an unauthorized actor may be able to access some sensitive APIs used to configure Ivanti Sentry on the administrator portal (port 8443, often known as MICS).