Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

News

Home  >  News  >  Vulnerabilities  >  NCSC alerts over MobileIron vulnerability
NextPrevious

NCSC alerts over MobileIron vulnerability

News, Vulnerabilities | 25 November, 2020 | 0

The UK National Cyber Security Centre has issued an alert warning that multiple actors are attempting to exploit a MobileIron vulnerability to compromise the networks of UK organisations.

MobileIron issued a security patch in June 2020 for their Mobile Device Management system to resolve several vulnerabilities in their software.  Included was a critical remote code execution vulnerability (CVE-2020-15505) which is being chained with the Netlogon/Zerologon (CVE-2020-1472) vulnerability in order to breach the networks under attack.

The NCSC alert warns that nation state actors and cyber criminal gangs are targeting this vulnerability now and any unpatched systems need to be addressed urgently.

Both of the vulnerabilities under attack (in MobileIron’s Core and Connector products and the Microsoft Zerologon vulnerability) have had security patches freely available for several months.  A proof of concept exploit was published in September 2020 which triggered an increase in the number of bad actors attempting the exploit this MobileIron vulnerability. The vulnerability was also included in the recent list of the top vulnerabilities being targeted today issued by the NSA.

Establishing a regular monthly security patching activity for all systems is one of the most effective steps any organisation can take in order to improve their cyber security.  This can be combined with regular vulnerability scans which will identify any patches which have been missed.

 

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.
ncsc, Security operations, vulnerability management

Related Post

  • Two thirds of cyber-crimes repeated within 12 months

    By Mark Faithfull

    According to a new report, 68% of organisations that suffered a network breach are the victim of a repeat attack within a year.  Cyber-criminals assume that organisation will not learn a lesson from the firstRead more

  • Hackers target Oracle WebLogic vulnerability

    By Mark Faithfull

    Oracle patched a vulnerability in their WebLogic server in October 2020 – eight days later working exploit code was published online and now it is being used by criminals. CVE-2020-14882 allows an attacker to performRead more

  • VMWare warns of critical zero-day vulnerability

    By Mark Faithfull

    VMWare has issued a security advisory warning of a command injection vulnerability that could allow someone with access to the VMWare Configurator admin account to issue command with unrestricted privileges on the underlying operating system.Read more

  • Derek attacks QNAP NAS Devices

    By Mark Faithfull

    The UK National Cyber Security Centre and CISA in the USA have issued a joint alert detailing the risk posed by the Qsnatch/Derek malware which attacks QNAP NAS devices. The National Cyber Security Centre statesRead more

  • What is the Tsunami security scanner?

    By Mark Faithfull

    Tsunami is a security vulnerability scanner designed for very large networks – originally created by Google for scanning their own huge network. Google has now released Tsunami as an open source project – it isRead more

NextPrevious

Recent Posts

  • Apple patches critical iOS vulnerabilities
  • Critical SUDO vulnerability discovered
  • GDPR Fines continue to grow
  • NetLogon Security Changes coming in February
  • CISA Warns of Pass-the-Cookie attack

Tags

Android Apple blockchain Bluetooth Chrome Cisco credential stuffing cyber crime cyber essentials cyber security cyber security news Data Protection DNS Ethereum Exchange Server exim fileless formjacking GDPR Intel IoT Linux MacOS Meltdown microsoft ncsc patching penetration testing phishing ransomware RDP security breach Security operations security testing SIEM Spectre supply chain attacks Sysinternals Tomcat TPM Unix vulnerability management web applications web browsers wireless

Archives

  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS ISO 9001 ISO 27001
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more