Threat Actors Exploiting Ivanti EPMM Vulnerabilities
– admin
This article discusses the joint Cybersecurity Advisory (CSA) released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) in response to active exploitation of two vulnerabilities, CVE-2023-35078 and CVE-2023-35081. Key takeaways: Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July 2023 to gather information from several Norwegian organizations. CVE-2023-35078 is a critical vulnerability that allows threat actors to access personally identifiable information (PII) and gain the ability to make configuration changes on compromised systems. CISA and NCSC-NO are concerned about the potential for widespread exploitation in government and private sector networks.
Link: https://defendedge.com/alerts/aa23-213a/