back to article Ivanti plugs critical bug – but not before it was used against Norwegian government

A critical security flaw in Ivanti's mobile endpoint management code was exploited and used to compromise 12 Norwegian government agencies before the vendor plugged the hole. On Monday, the US government's Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-35078 to its Known Exploited Vulnerabilities …

  1. Anonymous Coward
    Anonymous Coward

    Value for money

    It might be expensive, but you get more bugs for your buck than with cheaper software.

  2. Paul Crawford Silver badge

    Seems that software that can poke in to all of your devices to "manage" them is also a most excellent vector for attack.

    Place your bets: the forgotten and unpatched box in the cupboard, or the tools designed to avoid them lingering?

    1. Anonymous Coward
      Anonymous Coward

      Why do you think the Solarwinds hack raised such a fuss?

  3. FlamingDeath Silver badge

    Look ma, I made a program

  4. Anonymous Coward
    Anonymous Coward

    Our IT team pushed an emergency update of the Ivanti Secure Access Client (for VPN access, formerly Pulse Secure) to all connected PCs a few days ago. Coincidence?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like