Cybersecurity Dive March 11, 2024
Matt Kapko

The nation’s cyber defense agency was hit “about a month ago” by widely exploited vulnerabilities in the popular remote access VPN product.

The Cybersecurity and Infrastructure Security Agency was hit by a cyberattack earlier this year after a yet-to-be identified threat actor intruded the agency’s systems by exploiting critical vulnerabilities in Ivanti products.

“About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson told Cybersecurity Dive Friday. Threat actors started widely exploiting a pair of zero-day vulnerabilities in Ivanti Connect Secure and other remote access VPNs in early December.

“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems,...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, HHS, Technology
Related Articles:
Solution Under Review: The Battle For Industrial Cybersecurity
Clark on Connecting: Loyalty and Cybersecurity Go Hand in Hand
M&A Cyber Success Depends on Communication, an Honest Evaluation of Each Side’s Strengths & Risks, and an Open Mind
Six Cybersecurity Trends Heating Up In 2025
Five Things The C-Suite Gets Wrong About Cybersecurity

Share This Article