CVE-2023-35081

Published: 03/08/2023 Updated: 08/08/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

Vulnerable Product

ivanti endpoint manager mobile

Github Repositories

Scraper that gets exploits from the .gov known exploits page

CISA Vulnerabilities Catalog Scraper

This Node.js application scrapes data from the CISA Known Exploited Vulnerabilities Catalog and provides various endpoints to access and filter the scraped data.

Prerequisites: Before you can use this application, make sure you have the following installed: Node.js, npm (Node Package Manager).

Installation: Clone this repository: git clone [

Recent Articles

Ivanti warns of critical flaws in its Avalanche MDM solution
BleepingComputer • Sergiu Gatlan • 16 Apr 2024

Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. Avalanche is used by enterprise admins to remotely manage, deploy software, and schedule updates across large fleets of over 100,000 mobile devices from a single central location. As the ...

Prepare for plenty more pain from Ivanti's MDM flaws, warn cyber agencies
The Register

Invaders already spent four or more months frolicking inside Norwegian government servers

Intruders who exploited a critical Ivanti bug to compromise 12 Norwegian government agencies spent at least four months looking around the organizations' systems and stealing data before the intrusion was discovered and stopped. In a joint advisory issued on Tuesday, the US government's Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre detailed the attack, and warned of the "potential for widespread exploitation" of Ivanti's software in both...

Ivanti Sentry exploited in the wild, patches emitted
The Register

Good thing you're not exposing admin port 8443 to the world, right? Uh, right?

A critical authentication bypass bug in MobileIron Sentry has been exploited in the wild, its maker Ivanti said in an advisory on Monday. This vulnerability, tracked as CVE-2023-38035, is a 9.8-of-10 flaw in terms of CVSS severity, and strictly speaking lies within Ivanti Sentry, formerly known as MobileIron Sentry. This is a gateway that manages and encrypts traffic between an organization's mobile devices and back-end systems. Exploitation of this vuln may result in an intruder gaining control...