The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive ordering federal agencies to patch vulnerabilities in Ivanti VPN software that are being actively exploited. The directive applies to a series of vulnerabilities publicly disclosed by Ivanti on 10 January. Some 2,100 devices worldwide have already been affected. The attacks appear to be largely opportunistic, and CISA has yet to attribute any actor to the campaign. It has now warned US federal agencies of “widespread and active exploitation” and urged them to meet a deadline on Tuesday for patching their systems.
CISA’s urgent fix: Ivanti VPN holes Patch now, federal agencies
Latest from News
CISA alert: Watch your credentials in FY23 risk assessment
TLDR: CISA warns about the risk of credential access in FY23 risk & vulnerability assessment IBM’s X-Force Threat Intelligence Index 2024 also identifies credential
Stay safe online AARP Virginia Fraud Alert: Cyber Security Awareness
TLDR: Key Points: October is National Cybersecurity Awareness Month Important tips to stay safe online include using strong passwords, enabling multi-factor authentication, updating software,
Aussie Cyber Pros Reveal Rising Stress Levels
TLDR: Australian cybersecurity professionals are facing increased job stress due to a complex threat landscape, low budgets, and hiring challenges. The industry prefers candidates
Proxy statements: Boards’ AI and cyber-security oversight, forecasting ahead
TLDR: Proxy statements have evolved from compliance documents to key tools for communicating with shareholders. Ron Schneider from Donnelley Financial Solutions discusses best practices
Businesses taking action against cyber threats: PwC shows readiness
TLDR: Organisations are taking action towards cyber resilience, with 77% expecting their cyber budget to increase over the coming year. PwC’s survey highlighted that