Featured Story
Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation
Ivanti has released a patch for CVE-2023-35078, an authentication bypass in Endpoint Manager Mobile (EPMM, formerly MobileIron Core) that exposes the product's API to unauthenticated remote attackers. It affects all supported versions (11.4 through 11.10) as well as older, unsupported releases, and carries the maximum CVSS score of 10.0.
The flaw is being actively exploited: the Norwegian National Security Authority (NSM) has confirmed it was used in an attack on the Government Security and Service Organisation (DSS), which provides IT services to Norwegian ministries. An attacker who can reach the EPMM server needs no credentials to read users' personally identifiable information and make limited changes to the server.
No authentication or user interaction is required, and the impact on confidentiality, integrity and availability is rated high. Organizations running EPMM should apply Ivanti's fixed builds (11.8.1.1, 11.9.1.1 and 11.10.0.2) immediately; installations on unsupported versions must first be upgraded to a supported release. Because the vulnerable API is normally reachable from the internet, treat any instance that was exposed before patching as potentially compromised and review its web server logs for unauthenticated API requests. Our SOC can help assess impact and verify patch application.
Other Stories
Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks
Apple has released updates for iOS, iPadOS, macOS, watchOS and tvOS addressing CVE-2023-38606, a kernel vulnerability that let an app modify sensitive kernel state. Apple says it may have been exploited in the wild against versions of iOS released before iOS 15.7.1. The bug is one link in the "Operation Triangulation" exploit chain that Kaspersky is investigating after finding the spyware on its own employees' iPhones.
Update all Apple devices to the following versions (or later):
- iOS/iPadOS 16.6 (iOS/iPadOS 15.7.8 for devices that cannot run 16)
- macOS Ventura 13.5, Monterey 12.6.8, Big Sur 11.7.9
- watchOS 9.6, tvOS 16.6
Our SOC team can assist with patch validation and endpoint hardening.
New Vulnerability Puts 926,000 MikroTik Routers at Risk! Users Urged to Patch
CVE-2023-30799 is a privilege-escalation flaw in MikroTik RouterOS: an attacker who already holds an ordinary admin account can elevate to the hidden super-admin role through the Winbox or HTTP (web) management interface, which in turn gives full control of the underlying system. MikroTik fixed it in RouterOS stable 6.49.7 and long-term 6.49.8; researchers at VulnCheck count roughly 926,000 devices exposing a vulnerable management interface to the internet and urge immediate patching and tighter admin controls. Note that the built-in admin account on older installations ships with no password, so an exposed Winbox or web interface can be enough to obtain the initial admin login the exploit needs.
If you use MikroTik:
- Apply the latest RouterOS update (stable 6.49.7 / long-term 6.49.8 or later)
- Restrict Winbox, WWW and SSH to trusted management addresses, and disable Winbox (and HTTP, if you manage the device over SSH) entirely
- Use SSH with key-based authentication only, and set a strong password on the admin account
Our SOC can monitor brute-force attempts and help secure remote interfaces.
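The hardening steps above, written out as an added example in RouterOS terminal syntax (this is our illustration, not MikroTik's own documentation). The management subnet 192.168.88.0/24, the key file name admin.pub and the use of the built-in admin user are assumptions; adapt them to your environment, and run this from the management subnet, because the firewall rule takes effect as soon as it is added.

```routeros
# 1. Patch. CVE-2023-30799 is fixed in stable 6.49.7 and long-term 6.49.8,
#    so check the channel you are on and install what it offers.
/system package update check-for-updates
/system package update install

# 2. Restrict management services to the admin subnet (assumed
#    192.168.88.0/24) and disable the interfaces you do not use.
#    Winbox and WWW are the two interfaces the exploit goes through.
/ip service set ssh address=192.168.88.0/24
/ip service set www address=192.168.88.0/24
/ip service disable winbox
/ip service disable telnet
/ip service disable ftp
/ip service disable api
/ip service disable api-ssl
# If you manage the box over SSH only, drop HTTP as well:
/ip service disable www

#    Belt and braces: firewall the input chain so management ports are
#    unreachable from anywhere but the admin subnet, regardless of the
#    service settings. Use place-before=N if generic accept rules exist
#    earlier in the chain.
/ip firewall filter add chain=input src-address=192.168.88.0/24 protocol=tcp dst-port=22,80,443,8291 action=accept comment="mgmt from admin subnet"
/ip firewall filter add chain=input protocol=tcp dst-port=22,80,443,8291 action=drop comment="mgmt from anywhere else"

# 3. SSH key-only login. Upload admin.pub (assumed name) to the router's
#    Files first (scp or the Files panel), then bind it to the user.
#    Once a user has a key, RouterOS refuses password login for that user
#    unless always-allow-password-login is yes, so keep it at no.
/ip ssh set strong-crypto=yes always-allow-password-login=no
/user ssh-keys import public-key-file=admin.pub user=admin

#    The exploit needs an admin login first, so make sure the built-in
#    account is not still sitting with the factory-empty password.
/user set admin password="<strong-unique-password>"

# 4. Verify, and look for brute-force attempts against what remains.
/ip service print
/user ssh-keys print
/log print where message~"login failure"
```

The `/ip service` address restriction and the firewall rule overlap on purpose: the first stops the daemon from answering, the second stops the packet from reaching it, so a later change to one does not silently reopen the device.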
Stolen Microsoft Key: The Impact Is Higher Than Expected
Storm-0558, which Microsoft attributes to China, obtained a Microsoft account (MSA) consumer signing key. Because of a token-validation flaw in Microsoft's code, tokens forged with that key were accepted not only by the consumer services it was meant for but also for Azure AD (enterprise) accounts. Microsoft's own investigation found the actor using it to read Exchange Online mailboxes at roughly 25 organisations, but Wiz's analysis shows the key could have been used to mint tokens for any application that trusts Microsoft identity, not just Exchange Online and Outlook Web Access: Outlook, SharePoint, OneDrive and Teams among them.
Microsoft has revoked the key, so new tokens signed with it are no longer accepted, but anything an attacker set up while the forged tokens were valid survives the revocation: consented OAuth applications, credentials added to service principals, mailbox rules and delegated mailbox permissions. Review the Wiz impact analysis to understand which of your applications accept MSA-issued tokens, then hunt for such persistence and for anomalous sign-ins and mailbox access events (MailItemsAccessed) in your Azure AD and Microsoft 365 audit logs over the exposure window. Our SOC can assist with forensics and identity protection.
Beware of False Warning About Unpaid Taxes
A phishing email impersonating FPS Finance (the Belgian federal tax administration) tells recipients they owe unpaid taxes and offers a 30% "discount" if they pay in Bitcoin within two days. The fake deadline and the unusual payment method are classic pressure tactics: no government body collects taxes in cryptocurrency.
Be skeptical of any email demanding urgent payment, check the sender's address and any links against the official website before acting, and never pay an official debt in cryptocurrency. Forward suspicious emails to Safeonweb at:
- verdacht@safeonweb.be
- suspect@safeonweb.be
- suspicious@safeonweb.be
Our SOC can help validate potential fraud attempts and advise on awareness campaigns.