
Which vendor is going to declare a happy little vulnerability this week rather than a zero day?

⚠️ Regarding the #MobileIron vulnerability ⚠️

Patches are out for 11.8.1.1, 11.9.1.1 and 11.10.0.2. It also applies to unsupported and EOL versions.

It's a serious zero day vulnerability which is very easy to exploit, where Ivanti are trying to hide it for some reason - this will get mass internet swept. I'd strongly recommend upgrading, and if you can’t get off EOL, switch off the appliance.

Heise have picked up on the #MobileIron zero day. It's under active exploitation, Ivanti have put security information behind a paywall portal and hidden exploitation information behind a non-disclosure agreement.

Ivanti are also a security vendor.

cc @wdormann heise.de/news/Ivanti-schliesst

heise online: Ivanti schließt Zero-Day-Lücke in MobileIron (Ivanti closes zero-day hole in MobileIron), by Jürgen Schmidt

What is this nonsense? They have a public security blog... that they’re not using as soon as they have a security issue in their own back garden.

Ivanti argue they are “practicing responsible disclosure protocols” by trying to hide a zero day in their own product, MobileIron, and lock technical details behind non-disclosure agreements to avoid people understanding the severity of their fail. therecord.media/ivanti-urges-c

The #MobileIron advisory is now public. Cyberbullying vendors into doing the right thing is my community service.

CVSS 10. “Remote unauthenticated API access”. #threatintel

This one is completely nuts btw, I set up a honeypot and it’s already being probed via the API - which allows admin access and is completely unauthenticated, apparently nobody ever pentested one of the most widely used MDM solutions.

forums.ivanti.com/s/article/CV

The #MobileIron zero day saga continues.

The vendor note to customers says the flaw allows the attacker to "make limited changes to the server".

CISA have released a statement saying "An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further changes to a vulnerable system".

#threatintel

cisa.gov/news-events/alerts/20

Cybersecurity and Infrastructure Security Agency (CISA): Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078

Here's a track of MobileIron/EPMM deployment worldwide.

It's hotter than The Hoff in Germany.

A vast majority of orgs haven't patched. Orgs include 10 Downing Street, large swathes of the US government etc.

The MobileIron vuln is definitely doing the rounds in security circles as my honeypot is getting probed, admin lists dumped and disclosures from researchers. #MobileIrony #threatintel

Thomas Strömberg 🚲🌳🛵

@GossiTheDog nice! I feel like it was good timing for us to move from to for our automated network-wide scans last week.

It’s been great to see just how agile the community behind Nuclei is. Nessus never felt like that, probably due to the poorer onboarding experience for users and developers alike.