Communications of the ACM

Home/News/Multiple Agencies Breached by Hackers Using Pulse.../Full Text

ACM TechNews

Multiple Agencies Breached by Hackers Using Pulse Secure Vulnerabilities

By The Hill
April 26, 2021
Comments

View as: Print Mobile App Share:

Hackers breached multiple government agencies and other critical organizations by exploiting vulnerabilities in products from a Utah-based software company, according to federal authorities.

Credit: CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said hackers had infiltrated federal agencies and other critical organizations by exploiting flaws in products from Utah-based software company Ivanti Pulse Connect Secure (PCS).

The CISA alert followed cybersecurity group FireEye's Mandiant Solutions' publication of a blog post attributing some breaches to a Chinese state-sponsored hacking group and another Chinese advanced persistent threat group.

CISA said hackers had installed webshells in PCS products, which enabled them to circumvent security features.

The agency said Ivanti was developing a patch, adding that it "strongly encouraged" all users to update to the latest version of the software and to look for signs of breaches.

CISA issued an emergency directive requiring all federal agencies evaluate how many PCS products they and third-party organizations used, and to update them by April 23.

From The Hill
View Full Article

No entries found

Multiple Agencies Breached by Hackers Using Pulse Secure Vulnerabilities

Your Body Is Your Next Security Key

Undergraduate Computer Science Curricula

A Multifaceted Perspective on the Interdisciplinarity of Data Science