Encircle News!

Retro Game Arcade
, , , , , ,

Ivanti warns customers another zero-day is under active attack

Carly Page

U.S. software giant Ivanti has scrambled to patch another zero-day vulnerability under active attack.

The vulnerability, tracked as CVE-2023-38035 with a vulnerability severity rating of 9.8 out of 10, affects the software company’s Sentry product. Ivanti Sentry (formerly MobileIron Sentry) is a mobile gateway designed to manage, encrypt, and secure network traffic between employee devices and a company’s back-end systems.

The new vulnerability — known as a zero-day since the company had no time to fix the bug before it was exploited — allows unauthenticated attackers to access sensitive APIs used to configure the Ivanti Sentry on the administrator portal, the company said. Successful exploitation of the zero-day could allow hackers to change configuration, run system commands, or write files onto the system.

In its advisory, Ivanti states that while the issue has a high severity rating, “there is a low risk of exploitation for customers who do not expose port 8443 to the internet,” referring to the default internet-facing port that the software is installed with. However, the company says that attackers have already exploited the vulnerability to target a “limited” number of its customers.

Ivanti has not yet said how many customers were compromised and did not respond to TechCrunch’s questions.

More Ivanti customers are likely at risk, as the vulnerability — discovered and reported by Norwegian cybersecurity company Mnemonic — affects all supported versions of the Sentry software, and Ivanti has warned older versions of the tool are also at risk. Ivanti urged customers to disconnect their servers from the internet and to restrict access to internal management networks.

This latest zero-day is the third Ivanti vulnerability that hackers have exploited in recent months.

It was confirmed earlier this month that state-backed attackers had compromised multiple Norwegian government agencies by exploiting a previously undiscovered flaw (CVE-2023-35078) in Ivanti Endpoint Manager Mobile (EPMM; formerly MobileIron Core). In a separate advisory, the U.S. government’s cybersecurity agency CISA warned that this flaw could be chained with a second vulnerability (CVE-2023-35081) to reduce the complexity of carrying out attacks.

It’s not yet known who is behind the attacks leveraging zero-days in Ivanti’s software. CISA has linked previous intrusions in Ivanti’s software to Chinese state-sponsored hackers.

Ivanti rushes to patch zero-day used to breach Norway’s government

https://techcrunch.com/2023/08/22/ivanti-warns-customers-another-zero-day-is-under-active-attack/

Follow Us

Featured Posts

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny This Week in Tech (Audio)

How Bluesky, Alternative to X and Facebook, Is Handling Explosive Growth Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Biden Asked Microsoft to "Raise the Bar on Cybersecurity." He May Have Helped Create an Illegal Monopoly. CFPB looks to place Google under federal supervision, setting up clash Apple's Tim Cook Has Ways to Cope With the Looming Trump Tariffs Apple Removes Another RFE/RL App At Request Of Russian Regulator Here's Why I Decided To Buy 'InfoWars' Elon Musk's X Corp. files notice in Alex Jones' Infowars bankruptcy case Spotify's Plans For AI Generated Music, Podcasts, and Recommendations, According To Its Co-President, CTO, and CPO Gustav Söderström This 'AI Granny' Bores Scammers to Tears Congress ponders underwater alien civilizations, human hybrids, and other unexplained stuff In Memoriam: Thomas E. Kurtz, 1928–2024 Host: Leo Laporte Guests: Alex Kantrowitz, Daniel Rubino, and Iain Thomson Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
  1. TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny
  2. TWiT 1005: $125,000 in Baguettes – iPod Turns 23, The $1.1M AI Painting, Roblox
  3. TWiT 1004: Embrace Uncertainty – Political Texts, Daylight Saving Time, Digital Ad Market
  4. TWiT 1003: CrabStrike – Delta Sues Crowdstrike, Hospital AI, Surge Pricing
  5. TWiT 1002: Maximum Iceland Scenario – Data Caps, 3rd Party Android Stores, Nuclear Amazon