Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

    justmattgBy justmattgAugust 2, 2023No Comments3 Mins Read

    [ad_1]

    Aug 02, 2023THNVulnerability / Cyber Attack

    Ivanti EPMM Vulnerability

    Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network.

    The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) Tuesday. The exact identity or origin of the threat actor remains unclear.

    “The APT actors have exploited CVE-2023-35078 since at least April 2023,” the authorities said. “The actors leveraged compromised small office/home office (SOHO) routers, including ASUS routers, to proxy to target infrastructure.’

    Cybersecurity

    CVE-2023-35078 refers to a severe flaw that allows threat actors to access personally identifiable information (PII) and gain the ability to make configuration changes on compromised systems. It can be chained with a second vulnerability, CVE-2023-35081, to cause unintended consequences on targeted devices.

    Successful exploitation of the twin vulnerabilities makes it possible for adversaries with EPMM administrator privileges to write arbitrary files, such as web shells, with operating system privileges of the EPMM web application server.

    The attackers have also been observed tunneling traffic from the internet through Ivanti Sentry, an application gateway appliance that supports EPMM, to at least one Exchange server that was not accessible from the internet, although it’s currently unknown how this was accomplished.

    Further analysis has revealed the presence of a WAR file called “mi.war” on Ivanti Sentry, which has been described as a malicious Tomcat application that deletes log entries based on a specific string – “Firefox/107.0” – contained in a text file.

    Cybersecurity

    “The APT actors used Linux and Windows user agents with Firefox/107.0 to communicate with EPMM,” the agencies said. “Mobile device management (MDM) systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices.”

    A majority of the 5,500 EPMM servers on the internet are located in Germany, followed by the U.S., the U.K., France, Switzerland, the Netherlands, Hong Kong, Austria, China, and Sweden, according to Palo Alto Networks Unit 42.

    To mitigate against the ongoing threat, it’s recommended that organizations apply the latest patches as soon as possible, mandate phishing-resistant multi-factor authentication (MFA) for all staff and services, and validate security controls to test their effectiveness.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleNew NodeStealer Targeting Facebook Business Accounts and Crypto Wallets
    Next Article Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑