News

Norwegian government admits to having been hacked via zeroday in Ivanti

By admin
Spread the love

The Norwegian government confirms that hackers have penetrated Ivanti software at twelve ministries via a zero-day. The bug is an authentication bypass, but it is unknown what the hackers did in the Norwegian systems.

The national cybersecurity center, the Nasjonal sikkerhetsmyndighet, confirmed for the first time that the Norwegian government has been affected by a leak in Ivanti. Last week it was announced that twelve Norwegian ministries had been hacked, but the way in which this happened was unclear until then. The NSM now says that this happened by CVE-2023-35078.

The bug is an authentication bypass in Ivanti Endpoint Manager Mobile, which was formerly known as MobileIron. The bug made it possible to remotely bypass a system’s authentication and thus read information. This was possible by following specific API paths. The vulnerability receives a CVSS score of 10.

Twelve ministries were hit in the attack on the Norwegian government, but this did not include the Ministries of General Affairs, Defense and Foreign Affairs. The government previously did not provide details about the attack, but an update has now been made available by Ivanti through which the NSM wants to issue more information and a general warning. As far as we know, the attack on Norway is the only one in which the bug was actively exploited.

You might also like
News

Private: iPad 2025 prices: The cheapest iPad is now even cheaper

News

Private: Drive to Survive 2025: This is how you look for season 7 on Netflix for free

News

Private: MacBook Air 2025 Prices: This Mac is now a lot cheaper!

News

Private: Viaplay Offer: This way you can view Formula 1 with a 23% discount

News

Private: Apple releases Mac Studio 2025: once again an upgrade

News

Private: Apple reveals MacBook Air 2025 with M4 chip and lower price