Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

Naukri has published the recruiter's email address, researchers say

May 24, 2025

Khosla ventures among VCS experimenting with AI injection rollups in mature companies

May 23, 2025

Apple CEO reportedly urged the Texas governor to abandon the online child safety bill

May 23, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    Digg Founder Kevin Rose offers to buy a pocket from Mozilla

    May 23, 2025

    Bluesky begins to check for “notable” users

    May 22, 2025

    Mozilla shuts down its Read-It-Later app pocket

    May 22, 2025

    Opening a Social Web Browser Surf makes it easy for anyone to create custom feeds

    May 22, 2025

    Anthropic's new Claude4 AI model can be inferred in many steps

    May 22, 2025
  • Crypto

    Only 3 days left to save up to $900 to destroy the 2025 pass

    May 23, 2025

    Starting from up to $900 from Ticep, 90% off +1 in 2025

    May 22, 2025

    Early savings for 2025 will end on May 25th

    May 21, 2025

    Coinbase says its data breach will affect at least 69,000 customers

    May 21, 2025

    There are 6 days to save $900 to destroy 2025 tickets

    May 20, 2025
  • Security

    Naukri has published the recruiter's email address, researchers say

    May 24, 2025

    Apple CEO reportedly urged the Texas governor to abandon the online child safety bill

    May 23, 2025

    Artemis Seaford and Ion Stoica cover the ethical crisis in their sessions: AI

    May 23, 2025

    Mysterious hacking group Careto was run by the Spanish government, sources say

    May 23, 2025

    Microsoft says Lumma Password Stealer Malware found on 394,000 Windows PCs

    May 22, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    Khosla ventures among VCS experimenting with AI injection rollups in mature companies

    May 23, 2025

    Klarna CEO and Sutter Hill wins lap after Jony Ive's Openai deal

    May 22, 2025

    Wild story of how Moxxie-led Intestinal Toilet Startup Sloan was registered as a gut toilet startup throne

    May 22, 2025

    Submitted submission raises $17 million to automate tax preparation dr voyages

    May 21, 2025

    In a busy VC landscape, Elizabeth Weil's graffiti venture shows that networks are still important

    May 21, 2025
TechBrunchTechBrunch

US gives federal agencies 48 hours to disconnect flawed Ivanti VPN technology

TechBrunchBy TechBrunchFebruary 1, 20243 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


US cybersecurity agency CISA has ordered federal agencies to urgently disconnect Ivanti VPN appliances due to the risk of malicious exploitation due to multiple software flaws.

In an updated version of the emergency directive first announced last week, CISA now requires all federal civilian executive branch agencies (a list that includes the Department of Homeland Security and the Securities and Exchange Commission) to shut down all federal agencies due to “serious threats.” Requires disconnecting the Ivanti VPN appliance. It is caused by numerous zero-day vulnerabilities that are currently being exploited by malicious hackers.

Federal agencies typically have several weeks to patch vulnerabilities, but CISA mandates that Ivanti VPN appliances be disconnected within 48 hours.

“Resellers running affected products (Ivanti Connect Secure or Ivanti Policy Secure solutions) should immediately perform the following tasks: as soon as possible, but no later than Friday, February 2, 2024, at 11:00 p.m. “By 59 minutes, disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure Solutions products from the Ivanti Policy reseller network,” the emergency directive updated Wednesday states.

CISA's warning comes just hours after Ivanti announced it had discovered a third zero-day flaw that is being actively exploited.

Security researchers say Chinese state-sponsored hackers have been exploiting at least two flaws in Ivanti Connect Secure since December, tracked as CVE-2023-46805 and CVE-2024-21887. Ivanti announced on Wednesday that it had discovered two additional flaws, CVE-2024-21888 and CVE-2024-21893. The latter is already being used for “targeted” attacks. CISA previously said it “observed initial targeting of federal agencies.”

Steven Adair, founder of cybersecurity company Volexity, told TechCrunch on Thursday that at least 2,200 Ivanti devices have been compromised so far. This is an increase of 500 from the 1,700 number the company tracked earlier this month, although Volexity notes that “the total number is likely much higher.”

In an update to its emergency directive, CISA urges government agencies to continue threat hunting on systems connected to affected devices even after disconnecting vulnerable Ivanti products and detect potentially compromised certificates. Or told them they need to monitor their identity management services and continue auditing privileges. level access account.

CISA also provided instructions for restoring Ivanti appliances to online operation, but did not give federal agencies a deadline to do so.

“CISA effectively directed federal agencies on how to deploy what is considered a completely new and patched installation. [Ivanti Connect Secure] as a requirement to get the VPN device back online,” Adair told TechCrunch. “If an organization wants absolute assurance that a device is operating in a known good and reliable state, that's probably the best course of action.”

Ivanti announced this week that it will be updating the list of affected individuals affected by the first two vulnerabilities after CISA warned in an advisory that malicious attackers had circumvented published mitigations for the first two vulnerabilities. A patch has been provided for the department's software version. Ivanti also reminded customers to factory reset their appliances before applying the patch to prevent hackers from becoming persistent on their networks.



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Naukri has published the recruiter's email address, researchers say

May 24, 2025

Apple CEO reportedly urged the Texas governor to abandon the online child safety bill

May 23, 2025

Artemis Seaford and Ion Stoica cover the ethical crisis in their sessions: AI

May 23, 2025

Mysterious hacking group Careto was run by the Spanish government, sources say

May 23, 2025

Microsoft says Lumma Password Stealer Malware found on 394,000 Windows PCs

May 22, 2025

Signal's new Windows update prevents the system from capturing screenshots of chat

May 22, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

Naukri has published the recruiter's email address, researchers say

May 24, 2025

Khosla ventures among VCS experimenting with AI injection rollups in mature companies

May 23, 2025

Apple CEO reportedly urged the Texas governor to abandon the online child safety bill

May 23, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.