U.S. software giant Ivanti has scrambled to patch another zero-day vulnerability under active attack.
More Ivanti customers are likely at risk, as the vulnerability — discovered and reported by Norwegian cybersecurity company Mnemonic — affects all supported versions of the Sentry software, and Ivanti has warned older versions of the tool are also at risk.
Ivanti urged customers to disconnect their servers from the internet and to restrict access to internal management networks.
It was confirmed earlier this month that state-backed attackers had compromised multiple Norwegian government agencies by exploiting a previously undiscovered flaw (CVE-2023-35078) in Ivanti Endpoint Manager Mobile (EPMM; formerly MobileIron Core).
In a separate advisory, the U.S. government’s cybersecurity agency CISA warned that this flaw could be chained with a second vulnerability (CVE-2023-35081) to reduce the complexity of carrying out attacks.
CISA has linked previous intrusions in Ivanti’s software to Chinese state-sponsored hackers.
The original article contains 363 words, the summary contains 145 words. Saved 60%. I’m a bot and I’m open source!
This is the best summary I could come up with:
U.S. software giant Ivanti has scrambled to patch another zero-day vulnerability under active attack.
More Ivanti customers are likely at risk, as the vulnerability — discovered and reported by Norwegian cybersecurity company Mnemonic — affects all supported versions of the Sentry software, and Ivanti has warned older versions of the tool are also at risk.
Ivanti urged customers to disconnect their servers from the internet and to restrict access to internal management networks.
It was confirmed earlier this month that state-backed attackers had compromised multiple Norwegian government agencies by exploiting a previously undiscovered flaw (CVE-2023-35078) in Ivanti Endpoint Manager Mobile (EPMM; formerly MobileIron Core).
In a separate advisory, the U.S. government’s cybersecurity agency CISA warned that this flaw could be chained with a second vulnerability (CVE-2023-35081) to reduce the complexity of carrying out attacks.
CISA has linked previous intrusions in Ivanti’s software to Chinese state-sponsored hackers.
The original article contains 363 words, the summary contains 145 words. Saved 60%. I’m a bot and I’m open source!