Cybersecurity Dive March 11, 2024
Matt Kapko

The nation’s cyber defense agency was hit “about a month ago” by widely exploited vulnerabilities in the popular remote access VPN product.

The Cybersecurity and Infrastructure Security Agency was hit by a cyberattack earlier this year after a yet-to-be identified threat actor intruded the agency’s systems by exploiting critical vulnerabilities in Ivanti products.

“About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson told Cybersecurity Dive Friday. Threat actors started widely exploiting a pair of zero-day vulnerabilities in Ivanti Connect Secure and other remote access VPNs in early December.

“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems,...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, HHS, Technology
Related Articles:
Fortifying The Future: Building AI Security On A Solid Foundation
OWASP's Top 10 NHI Risks: A Wake-Up Call For Modern Cybersecurity
550 rural hospitals join Microsoft's cybersecurity program
HIMSS25 kicks off: 'Not all that happens in Vegas should stay in Vegas'
Trump's push to work with Russia is upending U.S. cyber strategy

Share This Article