#CISA exposes #malware kits deployed in #Ivanti #EPMM attacks
Two severe vulnerabilities in Ivanti's EPMM let hackers bypass security and execute malicious code. Is your system truly protected? Dive in to uncover what you need to know.
#ivanti
#epmm
#cve20254427
#cve20254428
#vulnerabilitymanagement
#China-linked #APT #UNC5221 started exploiting #Ivanti #EPMM flaws shortly after their disclosure
https://securityaffairs.com/178285/apt/china-linked-apt-unc5221-started-exploiting-ivanti-epmm-flaws-shortly-after-their-disclosure.html
#securityaffairs #hacking #malware
CISA has issued an urgent advisory about six actively exploited vulnerabilities affecting Ivanti EPMM, Zimbra, Output Messenger, and other enterprise systems. Learn which systems are at risk and what actions your organization should take immediately to protect critical infrastructure.
#SecurityLand #CyberWatch #CISA #Vulnerability #Ivanti #EPMM #Zimbra #OutputMessenger #EnterpriseSecurity #SecurityExploit #CriticalInfrastructure #Government
Read More: https://www.security.land/us-government-warns-about-six-actively-exploited-vulnerabilities/
#Ivanti: Ivanti Endpoint Mobile Manager (#EPMM) #Vulnerabilities CVE-2025-4427 and CVE-2025-4428 allow remote code execution and are being actively exploited in the wild - patch your systems now!
👇
https://cybersecuritynews.com/ivanti-endpoint-mobile-manager-vulnerabilities/
"And it's Friday!" 😅
If you administer an Ivanti Endpoint Manager Mobile (EPMM) instance, now is the time to update it
Two chainable flaws allow remote code execution, without authentication:
CVE-2025-4427: authentication bypass
CVE-2025-4428: code injection via Expression Language (Java EL), post-auth
💥 Active exploitation confirmed, aimed at few targets for now… but the risk of mass exploitation is real once the information spreads.
The combo lets an attacker execute commands on the Ivanti EPMM server without credentials. Example demonstrated by Watchtowr: touch /tmp/poc, or even id.
🔐 Fixed versions:
11.12.0.5
12.3.0.2
12.4.0.2
12.5.0.1
⬇️
"Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)"
👇
https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/
Ivanti's latest patch locks down a vulnerability that let hackers sneak in like uninvited guests. Are your systems still at risk? Discover how these zero-day fixes could be your digital lifesaver.
https://thedefendopsdiaries.com/ivantis-security-patch-addressing-critical-vulnerabilities-in-epmm/
All versions of Ivanti product affected by vulnerability used in Norway gov’t attack
IT giant Ivanti said on Monday that several recently-discovered vulnerabilities affect all versions of their Endpoint Manager Mobile (EPMM) tool.
https://therecord.media/all-ivanti-versions-affected-by-vulnerability-tied-to-norway-attacks #Ivanti #vulnerabilities #attack #EPMM
Ivanti updated its advisory on CVE-2023-35082 to say all versions of Ivanti Endpoint Manager Mobile 11.10, 11.9 and 11.8 and MobileIron Core 11.7 are affected
https://therecord.media/all-ivanti-versions-affected-by-vulnerability-tied-to-norway-attacks
#Asus #SOHO routers used in the attack against ministries in which a security hole in #EPMM was exploited.
No system is more secure than its weakest link. Most consumers have no relationship with updating their router. It is a black box that gives them wifi/internet.
How can this be improved? The #EU does have an #IoT policy in the works, but we should probably act faster than that.
No overview of #EPMM usage in the federal government (#Bund)
>A BSI spokeswoman told Tagesspiegel Background that the warning had been sent to the federal administration and operators of critical infrastructure. […] <
> […] In response to the corresponding question, the answer was: "The BSI has no overview of the MDM solutions used in the federal administration".<
😬
See screenshot
#Digitalministerium #Zollkriminalamt #ivanti #mobileiron 2/2
#Rapid7 found a bypass for the recently patched actively exploited #Ivanti #EPMM bug
https://securityaffairs.com/149116/security/ivanti-epmm-bypass-cve-2023-35082.html
#securityaffairs #hacking #malware
Ivanti has remedied all three vulnerabilities; however, users of older versions of MobileIron Core (version 11.2 and earlier) are still at risk.
⚠️📢 Our security experts have published an update to our "Hilfe zur Selbsthilfe" (help for self-help) guide for all users of the "Ivanti Endpoint Manager Mobile" (#EPMM) software:
Now that exploit code is also publicly available online, the risk of automated exploitation of the Ivanti vulnerability (#Schwachstelle) CVE-2023-35078 is rising.
Our updated guide on the #Research blog of @hisolutions paves the way out of the danger zone 🚸:
▶️ https://lnkd.in/ehqmpuAq
Patch now! Ivanti closes another zero-day hole in EPMM | heise online
https://heise.de/-9230517 #ZeroDay #EPMM
Ivanti patches another EPMM zero-day used to attack Norwegian government
Patch now, urges CISA
https://www.computing.co.uk/news/4121154/ivanti-patches-epmm-zero-day-attack-norwegian-government
#Sigma rules to detect suspicious activity associated with CVE-2023-35078 exploitation, a critical authentication bypass #vulnerability in Ivanti Endpoint Manager Mobile (#EPMM) actively leveraged in the wild to target high-profile orgs.
Advisory: Ivanti Endpoint Manager Mobile (#EPMM) Authentication Bypass Vulnerability https://www.mnemonic.io/resources/blog/ivanti-endpoint-manager-mobile-epmm-authentication-bypass-vulnerability/