Priya PatelTLDR:
- The US Cybersecurity and Infrastructure Security Agency (CISA) was hacked by an unidentified hacker, compromising two of its systems in February.
- The hacker exploited vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure products.
The US Cybersecurity and Infrastructure Security Agency (CISA) recently announced that it had been hacked by an unidentified individual, resulting in the compromise of two of its systems in February. The hacker exploited vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure products, both network gateways. Despite CISA releasing advisories about these vulnerabilities, the agency remained vulnerable, questioning the effectiveness of Ivanti’s Integrity Checker Tool in detecting compromise.
In response, Ivanti claimed they had not observed any activity matching CISA’s description in the wild. While CISA did not identify the hackers, the incident served as a warning that any organization could fall victim to cyber vulnerabilities. CISA urged all organizations to review their latest advisory on Ivanti products and take necessary steps to protect their systems.
Overall, the incident highlighted the importance of cybersecurity measures and incident response plans in the face of evolving cyber threats.
