The Cybersecurity and Infrastructure Security Agency has released new mitigations to address vulnerabilities in Ivanti’s Connect Secure and Policy Secure platforms and warned that threat actors have developed workarounds to current detection methods.
CISA said Tuesday cyberthreat actors continue to exploit vulnerabilities in Ivanti’s remote access virtual private network devices to capture credentials or drop webshells to enable remote access to compromised enterprise networks.
The agency is urging federal civilian agencies running Ivanti Connect Secure and Policy Secure gateways to perform continuous threat hunting on any systems connected to the devices and monitor authentication, account usage and identity management services.
Agencies must also isolate potentially exposed systems from any enterprise resources as much as possible.
CISA recently released an emergency directive warning against weaknesses in two Ivanti devices that enable malicious threat actors to exfiltrate data and establish persistent system access.
