WASHINGTON: Pulse Connect Secure today released a security patch for its VPN product that is widely used by federal agencies, critical infrastructure operators, and the defense industrial base. The VPN allows the federal workforce to access enterprise networks from remote locations.
Ivanti, the parent company of the VPN developer, said it worked with CISA and other entities to address the zero-day vulnerability originally disclosed just weeks ago. This vulnerability is one of four that are being actively exploited in the wild. The other three vulnerabilities have been known since at least last year and have patches currently available.
The news comes as CISA confirmed Friday it’s investigating possible breaches at five federal agencies, all in connection with Pulse Connect Secure vulnerabilities. We don’t know which agencies are affected or the severity of any potential breaches.
CISA has said 24 federal agencies use Pulse Connect Secure.
The Pulse Connect Secure team wrote in a blog post that, since the vulnerability’s disclosure, it has “investigate[d] and respond[ed] quickly to malicious activity that was identified on a very limited number of customer systems.”
This included releasing a free online tool called Pulse Security Integrity Checker, which can be used to identify vulnerable systems. Two weeks ago, CISA issued an activity alert and emergency directive instructing all federal agencies to use the tool and report results back to CISA by April 23. Based on that information, CISA discovered evidence of the five potential agency breaches.
CISA has said the US government has not attributed the campaign yet.
This cyber campaign targeting agencies, critical infrastructure operators, and private companies is the third such campaign disclosed over the past five months; the other two are the SolarWinds and Microsoft Exchange campaigns.
This content is courtesy of, and owned and copyrighted by, https://breakingdefense.com and its author.