Main topic: Hackers exploiting a zero-day flaw in Ivanti's mobile endpoint management software to breach government agencies.
Key points:
1. Hackers exploited a zero-day flaw in Ivanti's mobile endpoint management software for at least three months.
2. Multiple Norwegian government agencies were compromised by the hackers.
3. The flaw allows unauthenticated access to users' personal information and the ability to make changes to the vulnerable server.
4. Hackers used compromised routers as proxies to conceal the source of their attacks.
5. A second vulnerability was also exploited, reducing the complexity of executing attacks.
6. Ivanti released patches for both vulnerabilities.
7. CISA and NCSC-NO urged agencies to search their systems for potential compromise and report any issues.
8. Previous MobileIron vulnerabilities have been exploited by government-backed actors, potentially linked to Chinese state-sponsored hackers.
9. Ivanti has not yet responded to inquiries.
10. There are still over 2,200 exposed MobileIron portals, mostly in the United States.

Two zero-day vulnerabilities, CVE-2023-41064 and CVE-2023-41061, were exploited by NSO Group's Pegasus spyware to infect fully-patched iPhones running iOS 16.6 via PassKit attachments containing malicious images, prompting Citizen Lab to urge Apple users to update their devices and activate Lockdown Mode.
Apple released security updates to patch two zero-day exploits used against a civil society organization, allowing hackers to compromise iPhones without user interaction.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Apache's RocketMQ platform that is being exploited by multiple threat actors, allowing them to install payloads on affected systems and deploy a Monero cryptocurrency miner. CISA advises federal agencies to patch the vulnerability or discontinue using the product.
A zero-click zero-day vulnerability in Apple devices allows delivery of Pegasus spyware even on the latest iOS version; researchers at Citizen Lab, who collaborated with Apple on addressing the issue, refer to the exploit as BLASTPASS.
Apple has issued emergency security updates to fix two zero-day vulnerabilities that allowed the Pegasus spyware to access iPhones, iPads, and Macs, enabling hackers to monitor and record calls and messages and access the camera and microphone.
Apple has released emergency security updates to fix three new zero-day vulnerabilities that were exploited to target iPhone and Mac users, bringing the total number of zero-days fixed this year to 16. The vulnerabilities allowed attackers to bypass signature validation, execute arbitrary code, and escalate privileges. The impacted devices include iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey and newer, and Apple Watch Series 4 and later. The zero-days were discovered and reported by security researchers at Citizen Lab and Google's Threat Analysis Group.
Apple has released urgent security updates to patch actively exploited vulnerabilities, including flaws in WebKit, certificate validation, and kernel access, which were part of an exploit chain used to plant the Pegasus and Predator spyware.
Google has released an emergency patch for a zero-day vulnerability in Chrome that was exploited by a commercial spyware vendor, and the vulnerability has been linked to the zero-click iMessage exploit chain used to deploy the NSO Group's Pegasus spyware on compromised iPhones.
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have identified the top ten most common cybersecurity misconfigurations and provided recommendations to mitigate the risk of exploitation by threat actors.
The cybersecurity advisory released by the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) highlights the use of unchanged default credentials as the main security misconfiguration leading to cyberattacks.