The Cybersecurity and Infrastructure Security Agency issued an emergency directive that requires agencies to implement vendor-published mitigation guidance immediately to Ivanti Connect Secure and Ivanti Policy Secure solutions.
Details: Ivanti previously released information regarding two vulnerabilities that allow attackers to move laterally across a target network, perform data exfiltration, and establish persistent system access. The emergency directive is designed to prevent future exploitation at federal civilian executive branch agencies, but CISA urges all organizations to adopt this guidance.
Resources: Additional community bank cybersecurity resources are available on ICBA's Cyber and Data Security resource center.