Ivanti rushes to patch zero-day used to breach Norway’s government

From techcrunch.com

Hackers exploited a zero-day flaw in Ivanti’s mobile endpoint management software to compromise a dozen Norwegian government agencies — and thousands of other organizations could also be at risk.

The Norwegian Security and Service Organization (DSS) said in a statement on Monday that a “data attack” had struck the IT platform used by 12 government ministries. The Norwegian government did not name the affected ministries, but the DSS confirmed several offices were unaffected, including Norway’s Prime Minister’s Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs.

The DSS said the attack was the result of a “previously unknown vulnerability in the software of one of our suppliers,” but didn’t share any further details. However, the Norwegian National Security Authority (NSM) later confirmed that hackers had leveraged the previously undiscovered flaw in Ivanti Endpoint Manager Mobile (EPMM; formerly MobileIron Core), to compromise Norwegian government agencies.

Read more…