CISA said it was issuing the directive amid evidence of “ongoing exploitation” of the vulnerabilities occurring, adding the activity started as far back as June 2020 and has claimed numerous victims.
Specifically, CISA said the vulnerabilities have so far been exploited to result in compromises of U.S. government agencies, critical infrastructure entities and private sector organizations alike.
CISA explained that successful exploitation of the Pulse Connect Secure vulnerabilities could enable a hacker to gain persistent access into a system where the software has been installed.
“CISA has determined that this exploitation of Pulse Connect Secure products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” the agency stated.
CISA Orders Agencies to Mitigate Pulse Secure VPN Risks
databreachtoday.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from databreachtoday.com Daily Mail and Mail on Sunday newspapers.
Hackers exploit unpatched bugs to attack governments, contractors
scmagazine.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from scmagazine.com Daily Mail and Mail on Sunday newspapers.
Hackers exploit Pulse Secure VPN flaws in sophisticated global campaign
cloudpro.co.uk - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from cloudpro.co.uk Daily Mail and Mail on Sunday newspapers.
CISA Issues Deadline for Federal Agencies to Address Pulse Secure Vulnerabilities lucadp/iStock.com
email April 21, 2021 01:08 PM ET
The vulnerabilities led to the compromise of government agencies early last summer and, together with a newly disclosed flaw, continue to be exploited.
Federal agencies have until 5 p.m. Eastern Standard Time April 23 to implement an emergency directive the Cybersecurity and Infrastructure Security Agency issued on vulnerabilities affecting virtual private networking service Pulse Secure Connect, which have already compromised federal agencies.
“The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor or actors beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products,” reads an alert accompanying the di