August 21, 2023
The FTI Cybersecurity team released a threat intelligence report regarding a critical zero-day vulnerability related to mobile device management (MDM). Specifically, Ivanti Endpoint Manager Mobile is being exploited by CVE-2023-35078 and CVE-2023-35081. The report details the threat activity, threat assessment, and provides recommended actions.
Update: Zero-Day Vulnerability Allows Threat Actors to Configure Ivanti Sentry as System Manager Portal Administrator
Based on the popularity of MDM, threat actors will continue to seek new ways to exploit mobile devices because of the critical business information they possess. As recently as Monday, August 21, a new Ivanti vulnerability was identified: