Ivanti Flaws Lead to Breach of Five US Agencies

The US Department of Homeland Security reported that vulnerabilities in Ivanti Inc.’s products have lead to the breach of at least five federal agencies.

The Cybersecurity and Infrastructure Security Agency (CISA) of the United States said that breaches were made possible by vulnerabilities found in virtual private networking software made by Pulse Connect Secure, a subsidiary of Ivanti.

CISA has not yet disclosed the agencies that were affected but said that they”are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.”

Ivanti announced that they are already cooperating with CISA, FireEye, and Stroz Friedberg to investigate and respond to the breaches and is offering a tool for customers to use to test their appliances if they have been affected/ 

Ivanti however said that a fix for the vulnerability would not be unavailable until early May.

CISA has already recently released an Emergency Directive requiring agencies using Pulse Connect Secure virtual private networks and other products to take steps to find and mitigate possible breaches. 

The breaches have not been attributed yet to any state actors Charles Carmakal, a senior vice president and chief technology officer at FireEye said that hackers suspected to be based in China were using Pulse Secure virtual private networks to hack into dozens of organizations for alleged espionage operations. 

© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.