The CISA or The Cybersecurity and Infrastructure Security Agency is a government agency responsible for making sure that the US is prepared to defend itself against cyber threats. And I’ve posted lots of stuff about the actions that they’ve take to protect the US over the years. So when a story from The Record crossed my desk, I said to myself “that’s not a good look for them”:
Hackers breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February through vulnerabilities in Ivanti products, officials said.
A CISA spokesperson confirmed to Recorded Future News that the agency “identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses” about a month ago.
“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” the spokesperson said.
“This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”
CISA declined to answer a range of questions about who was behind the incident, whether data had been accessed or stolen and what systems were taken offline. Ivanti makes software that organizations use to manage IT, including security and system access.
In short, the CISA got pwned using exploits related to Ivanti products. Now it’s not know if it was the same Ivanti products that the CISA told government agencies to disconnect back in February. But this is absolutely not a good look because when the guys who are supposed to issue guidance and direction about not getting pwned by hackers are actually pwned by hackers, we’re all in deep trouble. And the fact that the hack was limited to a couple of systems doesn’t really matter. What matters is that it happened, and questions need to be asked as to how to ensure that it doesn’t happen again.
Like this:
Like Loading...
Related
This entry was posted on March 11, 2024 at 8:13 am and is filed under Commentary with tags CISA, Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The CISA Was Pwned By Hackers… That’s Not A Good Look
The CISA or The Cybersecurity and Infrastructure Security Agency is a government agency responsible for making sure that the US is prepared to defend itself against cyber threats. And I’ve posted lots of stuff about the actions that they’ve take to protect the US over the years. So when a story from The Record crossed my desk, I said to myself “that’s not a good look for them”:
Hackers breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February through vulnerabilities in Ivanti products, officials said.
A CISA spokesperson confirmed to Recorded Future News that the agency “identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses” about a month ago.
“The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” the spokesperson said.
“This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”
CISA declined to answer a range of questions about who was behind the incident, whether data had been accessed or stolen and what systems were taken offline. Ivanti makes software that organizations use to manage IT, including security and system access.
In short, the CISA got pwned using exploits related to Ivanti products. Now it’s not know if it was the same Ivanti products that the CISA told government agencies to disconnect back in February. But this is absolutely not a good look because when the guys who are supposed to issue guidance and direction about not getting pwned by hackers are actually pwned by hackers, we’re all in deep trouble. And the fact that the hack was limited to a couple of systems doesn’t really matter. What matters is that it happened, and questions need to be asked as to how to ensure that it doesn’t happen again.
Share this:
Like this:
Related
This entry was posted on March 11, 2024 at 8:13 am and is filed under Commentary with tags CISA, Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.