Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Hackers exploiting MobileIron vulnerability

The UK’s National Cyber Security Centre has issued an alert on the MobileIron remote code execution vulnerability. According to the alert, APT nation state groups and cybercriminals are exploiting this vulnerability to compromise the networks of UK organizations.

In June 2020 MobileIron, a provider of mobile device management (MDM) systems, released security updates to address several vulnerabilities in their products. This included CVE-2020-15505, a remote code execution vulnerability, rated critical. MDM systems allow system administrators to manage an organization’s mobile devices from a central server, making them a valuable target for threat actors.

The NCSC is aware that Advanced Persistent Threat (APT) nation-state groups and cybercriminals are now actively attempting to exploit this vulnerability [T1190] to compromise the networks of UK organizations.

The Cybersecurity and Infrastructure Agency (CISA) in the US has also noted that APTs are exploiting this vulnerability in combination with the Netlogon/Zerologon vulnerability CVE-2020-1472 in a single intrusion.

This critical vulnerability affects MobileIron Core and Connector products and could allow a remote attacker to execute arbitrary code on a system. The MobileIron website lists the following versions as affected:

  • 10.3.0.3 and earlier
  • 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0
  • Sentry versions 9.7.2 and earlier
  • 9.8.0
  • Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier

A proof of concept exploit became available in September 2020 and since then both hostile state actors and cybercriminals have attempted to exploit this vulnerability in the UK. These actors typically scan victim networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting (T1505.002). In some cases, when the latest updates are not installed, they have successfully compromised systems. The healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected. 

Tom Davison, Technical Director – International at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, notes, “The interesting story here is the assertion by cybersecurity agencies in the UK (NCSC) and the US (NSA) that nation state APT groups are actively exploiting these vulnerabilities, five full months after patches were issued.  Mobile Device Management servers are by definition reachable from the public internet making them opportune targets. Offering a gateway to potentially compromise every mobile device in the organization, the attraction to attackers is clear.  This highlights not just the importance of patching open vulnerabilities, but also the criticality of having a dedicated mobile security capability that is distinct from device management infrastructure.”

Source: https://www.securitymagazine.com/articles/94038-hackers-exploiting-mobileiron-vulnerability

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Business News

The U.S. government is taking aim at what has been an indomitable empire: Google’s ubiquitous search engine that has become the internet’s main gateway....

Business News

ANKARA, Turkey (AP) — A major rescue operation is underway in Turkey’s Taurus Mountains to bring out an American researcher who fell seriously ill...

Business News

NEW YORK (AP) — After months of complaints from the Authors Guild and other groups, Amazon.com has started requiring writers who want to sell...

Business News

NEW YORK (AP) — Kelly McKernan’s acrylic and watercolor paintings are bold and vibrant, often featuring feminine figures rendered in bright greens, blues, pinks...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO