Cybersecurity Dive January 19, 2024
David Jones

Civilian agencies are under threat following a surge in nation-state linked exploitation of Ivanti Connect Secure and Ivanti Policy Secure devices.

The Cybersecurity and Infrastructure Security Agency issued an emergency directive Friday ordering Federal Civilian Executive Branch agencies to mitigate vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure devices.

A suspected nation-state hacker has chained two vulnerabilities together and injected webshells into more than 2,100 systems across a range of private sector companies and government agencies since December.

The attacks allow the hackers to gain persistent system access, enabling data exfiltration, credential theft and other malicious activity.

Federal agencies have been targeted as part of the exploitation activity, according to Eric Goldstein, executive assistant director for...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, HHS, Provider, Technology
Related Articles:
55% of COOs Use GenAI to Improve Data Security
How AI And ML Are Shaping The Future Of SSE
18 Cybersecurity Tools That May Cause A False Sense Of Security
What HHS' cybersecurity rule could mean for radiology
HIMSS leaders outline 2025 public policy priorities

Share This Article