The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive today requiring agencies to mitigate “widespread and active exploitation” of vulnerabilities in Ivanti Connect Secure VPN and Policy Secure network access control appliances. […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to Federal agencies today, requiring them to assess their internet-facing network assets for the Apache Log4j vulnerabilities and immediately patch these systems or implement other appropriate mitigation measures. […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on July 13 ordering Federal agencies to disable the Microsoft Windows Print Spooler service, after discovering a vulnerability that allows attackers to remotely take over systems and enable adversaries to compromise the entire identity infrastructure of an agency. […]

The Cybersecurity and Infrastructure Security Agency (CISA) on March 3 issued an emergency directive to Federal civilian agencies to patch a critical vulnerability in Microsoft Exchange on-premises products.  The agency said that cloud services such as Microsoft 365 and Azure systems “are not known to be affected by this vulnerability.” […]