Five U.S. Agencies May Have Been Hacked Through Ivanti Flaws
Apr 30 2021, 9:55 PM
April 30 2021, 4:44 AM
April 30 2021, 9:55 PM
(Bloomberg) The U.S. Department of Homeland Security has determined that flaws in Ivanti Inc.âs products may have allowed hackers to breach at least five federal agencies.
(Bloomberg) The U.S. Department of Homeland Security has determined that flaws in Ivanti Inc.âs products may have allowed hackers to breach at least five federal agencies.
The Departmentâs Cybersecurity and Infrastructure Security Agency, known as CISA, has been working with organizations targeted through vulnerabilities in Ivantiâs Pulse Connect Secure products and required federal civilian agencies to run a tool designed to find them.
Get Permission
The Cybersecurity and Infrastructure Security Agency is investigating whether five government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior agency official.
Earlier this month, researchers at the security firm FireEye published a report about attack groups attempting to exploit four Pulse Connect Secure vulnerabilities, including a zero-day flaw discovered in April that s now tracked as CVE-2021-22893.
Ivanti, the parent company of Pulse Secure, has issued a mitigation fix for the zero-day vulnerability and has urged customers to apply it.
Following the disclosure by FireEye and Ivanti, CISA issued an emergency directive requiring executive branch agencies to run tests using the Pulse Connect Secure Integrity Tool to check the integrity of file systems within their networks and report back the results to the agency on April 23.
CISA: 5 Agencies Using Pulse Secure VPNs Possibly Breached govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.