CISA, FBI Name the Most Exploited Vulnerabilities Over the Past Year (darkreading.com)
By Patrick Perry
When the Department of Defense introduced the new Cybersecurity Maturity Model Certification (CMMC) program in 2020, all companies supporting DOD were faced with a new and potentially costly requirement.
While at first look this may feel like another government process that could slow things down, the stakes have never been higher. The SolarWinds attack, a state-sponsored attack where hackers infiltrated the SolarWinds Orion software supply chain to gain access to networks across the government and private sector and then pivot into deeper services, affected hundreds of organizations and at least nine federal agencies. The Colonial Pipeline ransomware attack shut down a major pipeline that supplies fuel to the eastern U.S., causing panic – and gas stations to run dry. The security flaw in Pulse Secure Connect may have impacted several federal agencies, giving hackers free rein over vulnerable networks. Zscaler just published a report analyzing the attack sur
Two China-linked threat groups are still exploiting unpatched flaws in Ivanti's Pulse Connect Secure VPN products, using additional malware variants to support
iTWire Monday, 03 May 2021 10:02 Five US Government agencies attacked through Pulse Secure VPNs
At least five US Government agencies have been breached in the latest attack aimed at the government, an official at the Cybersecurity and Infrastructure Security Agency says. CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorised access, deputy executive assistant director of Cybersecurity, Matt Hartman, said in
CNN. We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.
Reseller News
Businesses need to patch Pulse Secure VPNs
Vulnerabilities in Pulse Connect Secure VPN software have reportedly been exploited by attackers, some believed linked to China, to compromise networks.
Organisations using Pulse Secure’s mobile VPN should patch vulnerabilities reportedly being exploited in the wild, possibly by a “Chinese espionage actor”.
The patch is considered important enough that the Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies a deadline of April 23 to apply it. CISA’s guidance states that federal users of Pulse Connect Secure VPNs must use the company’s free utility to ascertain whether their devices are vulnerable.