HealthcareCISO

The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring executive branch agencies to mitigate by Friday the risks posed by a zero-day vulnerability and three other recently patched flaws in Pulse Connect Secure VPN products.

On Tuesday, Ivanti, the parent company of Pulse Secure, and the security firm FireEye warned that at least two nation-state attack groups, including one with links to China, were exploiting the vulnerability to target a range of victims, including U.S. government agencies, critical infrastructure providers and other private sector organizations.

CISA is ordering agencies to use the Pulse Connect Secure Integrity Tool to check