CISA has issued an emergency directive, Emergency Directive 24-01, urging federal agencies to patch Ivanti software, particularly Ivanti EPMM and Ivanti Connect Secure and Policy Secure, as soon as possible due to a critical flaw, CVE-2023-35082, being exploited in the wild. This vulnerability is separate from the Ivanti VPN vulnerabilities that have been used in widespread attacks and represents the third Ivanti vulnerability reported to be exploited. Agencies must implement vendor-published mitigation guidance immediately and check for intrusions, with a compliance deadline set for the upcoming Tuesday.
CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits: https://t.co/m4vhlLmzXR by The Hacker News #infosec #cybersecurity #technology #news
🚨CISA issues emergency directive against two major zero-day actively exploited flaws in Ivanti products. Learn more: https://t.co/DgfWSEIGR7 Patch your Ivanti Connect Secure and Policy Secure ASAP.
.@CISAgov issues emergency directive for federal agencies to patch Ivanti VPN vulnerabilities, @chrismvasq reports. https://t.co/55XphMyy1x
Third Ivanti Vulnerability Exploited in the Wild, CISA Reports: https://t.co/NGq0dTfwZl by darkreading #infosec #cybersecurity #technology #news
CISA's worried enough about major vulnerabilities in Ivanti networking software that it's issuing an emergency directive ordering agencies that use the software to apply the mitigation and check for intrusions. Agencies have until Tuesday to comply. https://t.co/8IA9AisFLh https://t.co/9yCvMgFudg
We issued Emergency Directive 24-01: Mitigate Ivanti Connect Secure and Policy Secure Vulnerabilities, requiring agencies to implement vendor published mitigation guidance immediately. If your org uses these products, pls read this directive. https://t.co/poeiG75ycP https://t.co/sWNKMoJ7zh
Ivanti Mobile Management Vulnerability Seeing Exploitation: CISA: https://t.co/88H5nefpdb The issue is separate from the Ivanti VPN vulnerabilities that have recently been used in widespread attacks.
🆘 Patch your Ivanti ASAP! CISA urges action, especially for government agencies. A critical flaw (CVE-2023-35082) in Ivanti EPMM is being exploited in the wild, giving attackers access to your data. Don't wait, read more: https://t.co/Ico82JNaw8 #hacking #cybersecurity
Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet: https://t.co/KFjek7qxiu by darkreading #infosec #cybersecurity #technology #news
Ivanti VPN Vulnerabilities Seeing ‘Mass Exploitation:’ Researchers: https://t.co/iZU2HpIs8O While no patches are available yet, Ivanti urged customers to “apply the mitigation immediately,” with threat actors now exploiting the flaws to carry out worldwide attacks.