MobileIron Core has been in the news due to some rather gnarly vulnerabilities recently.

Patches are available, though Ivanti customers probably already know, and have hopefully patched by now!

Notable from the article below is the sheer number of public facing Core instances - 5500 according to a scan undertaken by Palo Alto Networks' Unit 42 🤯.

I can't think of any MI Core deployment I'd been involved with that didn't have Core safely tucked away from public access - as it should be - but of course I can't account for all use cases and scenarios that would justify it. I recall Vodafone had some open instances back in the day due to the nature of their hosted offering, for example.

Check out the link for full details.

🔗 https://www.theregister.com/2023/08/03/ivanti_cisa_norway_attack/