Kevin Beaumont<p>Patch numbers globally for <a href="https://cyberplace.social/tags/MobileIrony" class="mention hashtag" rel="tag">#<span>MobileIrony</span></a> vuln are actually pretty good for a change.</p>
Recent searches
No recent searches
Search options
Only available when logged in.
cyberplace.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Cybersecurity, fandom, video games, technology, dog photos and most importantly, you.
Administered by:
Server stats:
962active users
cyberplace.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#MobileIrony
0 posts · 0 participants · 0 posts today
Kevin Beaumont<p>CISA advisory says the zero day exploitation of <a href="https://cyberplace.social/tags/MobileIron" class="mention hashtag" rel="tag">#<span>MobileIron</span></a> was happening from "at least" April 2023 (which backs up from I wrote in my blog - i.e. I can see exploitation in logs going back to early this year). </p><p>Threat actors were uploading webshells and such. <a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="tag">#<span>threatintel</span></a> <a href="https://cyberplace.social/tags/mobileirony" class="mention hashtag" rel="tag">#<span>mobileirony</span></a> </p><p><a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">cisa.gov/news-events/cybersecu</span><span class="invisible">rity-advisories/aa23-213a</span></a></p>
Kevin Beaumont<p>The <a href="https://cyberplace.social/tags/MobileIrony" class="mention hashtag" rel="tag">#<span>MobileIrony</span></a> API endpoint is now public knowledge - it’s /mifs/aad/ </p><p>Yes, you just added to add ‘aad’ to access the admin API without auth and it’s been like that for years. </p><p><a href="https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-35078.yaml" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">github.com/projectdiscovery/nu</span><span class="invisible">clei-templates/blob/main/http/cves/2023/CVE-2023-35078.yaml</span></a></p>
Kevin Beaumont<p>The MobileIron vuln is definitely do the rounds in security circles as my honeypot is getting probed, admin lists dumped and disclosures from researchers. <a href="https://cyberplace.social/tags/MobileIrony" class="mention hashtag" rel="tag">#<span>MobileIrony</span></a> <a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="tag">#<span>threatintel</span></a></p>
Kevin Beaumont<p>I did write up of this, complete with a logo - behold <a href="https://cyberplace.social/tags/MobileIrony" class="mention hashtag" rel="tag">#<span>MobileIrony</span></a>, a term coined by <span class="h-card" translate="no"><a href="https://infosec.exchange/@Newk" class="u-url mention">@<span>Newk</span></a></span> <a href="https://cyberplace.social/tags/threatintel" class="mention hashtag" rel="tag">#<span>threatintel</span></a> <br /><a href="https://doublepulsar.com/mobileirony-backdoor-allows-complete-takeover-of-mobile-security-product-and-endpoints-559733d612e1?sk=4915c0011cfce52e58d3ab81d9bb2373" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">doublepulsar.com/mobileirony-b</span><span class="invisible">ackdoor-allows-complete-takeover-of-mobile-security-product-and-endpoints-559733d612e1?sk=4915c0011cfce52e58d3ab81d9bb2373</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload