Hackers exploit Pulse Secure VPN flaws in sophisticated global campaign cloudpro.co.uk - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from cloudpro.co.uk Daily Mail and Mail on Sunday newspapers.
CISA Issues Deadline for Federal Agencies to Address Pulse Secure Vulnerabilities lucadp/iStock.com
email April 21, 2021 01:08 PM ET
The vulnerabilities led to the compromise of government agencies early last summer and, together with a newly disclosed flaw, continue to be exploited.
Federal agencies have until 5 p.m. Eastern Standard Time April 23 to implement an emergency directive the Cybersecurity and Infrastructure Security Agency issued on vulnerabilities affecting virtual private networking service Pulse Secure Connect, which have already compromised federal agencies.
“The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor or actors beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products,” reads an alert accompanying the di
U S warns hackers actively exploiting remote access software used by federal agencies washingtontimes.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from washingtontimes.com Daily Mail and Mail on Sunday newspapers.
IT software firm Ivanti, which acquired Pulse Secure late last year, today confirmed attackers have targeted a limited number of customers using Pulse Connect Secure (PCS) appliances. It has been working with Mandiant, the Cybersecurity and Infrastructure Security Agency (CISA), and others to respond to the exploits, which target three known vulnerabilities and a zero-day.
The three known flaws include CVE-2020-8243, CVE-2020-8260, and CVE-2019-11510, which CISA recently warned is among several CVEs under attack by the Russian Foreign Intelligence Service (SVR) in its efforts to target US and allied networks, including national security and government systems. All of these vulnerabilities were patched in 2019 and 2020, Ivanti says.
Chinese APT exploits critical CVE in Pulse Secure VPN computerweekly.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from computerweekly.com Daily Mail and Mail on Sunday newspapers.