The National Cyber Security Centre (NCSC) has issued a warning over a MobileIron vulnerability that has the potential to compromise the networks of UK organisations.
Organisations using the California-based enterprise mobile device management (MDM) provider's software could be targeted by Advanced Persistent Threat (APT) nation-state groups looking to exploit a critical remote code execution vulnerability, according to the NCSC.
The flaw, tracked as CVE-2020-15505, affects MobileIron Core and Connector products, specifically the following models: 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0, 10.6.0.0, 10.3.0.3 and earlier, Sentry versions 9.8.0, 9.7.2 and earlier, as well as the Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier.
The issue reportedly stems back to June 2020, when MobileIron released security updates to address several vulnerabilities in their products. However, users who had not applied the patches have since been the target of cyber attacks.
According to the NCSC, hostile state actors and cyber criminals have attempted to exploit the vulnerability since the publication of a proof of concept exploit became available in September 2020. The security organisation warned that remote attackers were already able to take advantage of the flaw by targeting healthcare, logistics, legal, and local government sectors.
The NCSC strongly advised UK organisations to refer to the MobileIron guidance, keeping informed of any future updates, as well as ensure that all affected versions have had the necessary updates installed.
IT Pro has contacted MobileIron for comment but the company has yet to respond. In an update published last month, the MDM provider said that it had “engaged in ongoing proactive outreach to help customers secure their systems”.
“That outreach has included calls from our account teams, regular targeted emails, and in-product notices. We currently estimate that between 90%-95% of all devices are now managed on patched/updated versions of our software. We continue to follow up with the remaining customers where we can determine that they have not yet patched or upgraded affected products,” it stated.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
ASUS, Cisco, Netgear devices exploited in ongoing Chinese hacking campaignNews Critical national infrastructure is the target of sustained attempts from state-sponsored hackers, according to Five Eyes advisories
-
Off-the-shelf ransomware is spurring a new era in the Ukraine warNews Experts agreed Russian forces could be overwhelmed, forced to use less sophisticated tools to meet the regime's demands
-
NCSC: “New class” of Russian cyber attackers seek to destroy critical infrastructureNews The cyber threat has been raised due to the heightened risk of ideologically driven cyber attacks from Russia-aligned adversaries
-
NCSC warns UK under state-sponsored spear-phishing attacks from Russia and IranNews The acceleration in spear-phishing campaigns last year coincided with the escalating conflict in Ukraine, according to the NCSC
-
NCSC founder details 'biggest regret' in underestimating organised cyber crimeNews In a rare public address, Martin also detailed his proudest achievement and how the idea for the NCSC came to be
-
Second Singtel subsidiary breach in a month sees customer and client data leakedNews The incident at Singtel subsidiary Dialog follows the earlier breach at Singtel-owned Optus, Australia's second-largest telco
-
UK, US condemn Iran for ‘unprecedented’ cyber attack against AlbaniaNews The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information
-
Cyber attack on software supplier causes "major outage" across the NHSNews Unconfirmed reports suggest the attack may be ransomware-related, while the NHS contends with disrupted services on the 111 non-emergency line
