CISA’s Emergency Response to Ivanti VPN Security Flaws

Targeted attacks on a diverse range of sectors.
Kelsey Brandt
Contributing Writer

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical emergency directive in response to severe vulnerabilities discovered in Ivanti Connect Secure and Ivanti Policy Secure products. This urgent directive, aimed at all Federal Civilian Executive Branch (FCEB) agencies, calls for immediate action to mitigate the risks posed by two zero-day flaws, CVE-2023-46805 and CVE-2024-21887.

These vulnerabilities have been exploited in widespread and active attacks by multiple threat actors, including a suspected Chinese state-backed group. The directive outlines specific actions that federal agencies must undertake to mitigate the risks associated with these vulnerabilities.

Why it matters: The directive reflects the severity and urgency of the threat posed by these vulnerabilities, which enable attackers to execute arbitrary commands, move laterally within networks, exfiltrate data, and establish persistent system access. The wide range of affected organizations, including government and military departments, telecom companies, and financial institutions, underscores the potential for significant national security and economic impacts.

  • CISA’s Emergency Directive ED 24-01 requires federal agencies to implement Ivanti’s publicly disclosed mitigation measures, report compromises, and remove compromised products from networks. Agencies must also reset passwords, revoke certificates, and apply updates within 48 hours of their release.
  • Ivanti has provided temporary mitigations and is expected to release comprehensive fixes. Agencies must follow specific recovery instructions, including revoking and reissuing certificates and resetting passwords.
  • Attackers have been observed deploying cryptocurrency miners and various malware strains. The attacks have targeted a diverse range of sectors, highlighting the broad impact of these vulnerabilities.
  • Over 2,100 devices globally have been backdoored using a GIFTEDVISITOR webshell variant.

Go Deeper -> Ivanti spots ‘sharp increase’ in targeting of VPN as analysts find 1,700 devices exploited – The Record

ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities – CISA

CISA Issues Emergency Directive to Federal Agencies at Risk of Ivanti VPN Hack – Spiceworks
