State-backed hackers and criminal gangs are now actively using a vulnerability in mobile device management (MDM) software to successfully gain access to networks across government, healthcare and other industries.
The UK’s National Cyber Security Centre (NCSC) has issued an alert warning that a number of groups are currently using a vulnerability in MDM software from MobileIron.
MDM systems allow system administrators to manage an organisation’s mobile devices from a central server, making them a valuable target for criminals or spies to break into.
SEE: Network security policy (TechRepublic Premium)
In June 2020, MobileIron released security updates to address several vulnerabilities in its products. This included CVE-2020-15505, a remote code execution vulnerability. This critical-rated vulnerability affects MobileIron Core and Connector products, and could allow a remote attacker to execute arbitrary code on a system.
The NCSC is aware that nation-state groups and cyber criminals “are now actively attempting to exploit this