more Log4j

• Log4j zero-day: How to protect yourself
• Apache releases new 2.17.0 patch
• Security firm discovers new attack vector
• 10 questions you need to be asking
• Governments release Log4j advisory
• So far, nearly half of corporate networks have been attacked
• US: Hundreds of millions of devices at risk

Cybersecurity company NCC Group is warning users of MobileIron products to patch their systems since finding exploitations through the Log4j vulnerability. 

NCC Group researchers have so far seen five instances in their client base of active exploitation of Log4Shell in MobileIron, noting that the "global scale of the exposure appears significant."

In a blog post updated on Wednesday, the company shared a screenshot of a Shodan search showing 4,642 instances around the world. 

NCC Group Global CTO Ollie Whitehouse toldZDNetthat Shodan isn't real-time but that there has been a small drop in total systems since yesterday.

Ivanti, which acquired MobileIron in December 2020, toldZDNetthat customers using MobileIron were provided with mitigation steps and guidance this weekend.

NCC Group

Ivanti VP of security Daniel Spicer said that after a review of their products, they found the Log4j vulnerability impacting all versions of MobileIron Core, MobileIron Sentry, Core Connector, and Reporting Database (RDB). Those using the MobileIron Cloud are not affected by the issue. 

"Over the weekend, we informed our customers and highly recommended that they follow the tested mitigations outlined in our Community Forum. Since then, we have stayed in regular communication with our customers," Spicer said. 

"Patching all systems for known vulnerabilities and ensuring the latest versions of Ivanti solutions are running is the best way for our customers to protect their environments from threats. Unfortunately, security threats across the industry will persist." 

Ivanti released an advisory and said the risk associated with CVE-2021-44228 is high "because these products sit in the DMZ and are vulnerable to a RCE attack due to the CVE." 

The mitigation instructions provided involve the removal of a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library, which removes the ability to perform the RCE attack, Ivanti explained. 

Cerberus Sentinel vice president Chris Clements said the number of vulnerable applications was not a ton at internet scale, but he noted the larger concern that the successful exploitation of these systems could allow an attacker to potentially compromise tens of thousands of mobile and computing devices managed by the MobileIron systems.

"That is a big deal. We are going to be dealing with the fallout from the Log4j vulnerability for a long time, I'm afraid," Clements said. 

The UK's National Cyber Security Centre (NCSC) issued an alert warning in December 2020 that a number of state-backed hackers and criminal gangs were using a vulnerability in MDM software from MobileIron. The company's MDM servers were previously targeted by hackers through other vulnerabilities. 

Last December, Ivanti purchased outstanding MobileIron stock for roughly$872 million, representing a 27% premium on the firm's share price at the time. 

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next

• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone
• The best VPN services: How do the top 5 compare?
• How to find out if you are involved in a data breach -- and what to do next