CISA: Patch Issued for Critical Pulse Secure VPN Flaw Under Active Attack
Health IT Security
Ivanti released a software update to patch a critical zero-day authentication bypass vulnerability in its Pulse Connect Secure (PCS) virtual private network (VPN) software, which the Department of Homeland Security Cybersecurity and Infrastructure Agency recently warned was under active attack.
The software update resolves the recently disclosed CVE-2021-22893, which is among a group of four vulnerabilities currently being targeted in an ongoing malicious campaign. The severely critical flaw was disclosed with mitigation measures, as Ivanti was continuing to work on a patch.
The three other flaws, CVE-2019-11510, CVE-2020-8260, and CVE-2020-8243 were patched in 2019 and 2020 but some entities failed to apply the update.
Hackers have been actively targeting these flaws since...