US agency CISA takes Ivanti devices offline
The American Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency order calling on all federal agencies to take Ivanti devices offline. The background to this measure is the discovery of security gaps in network products from the manufacturer Ivanti. The “Ivanti Connect Secure” and “Ivanti Policy Secure” products are affected. CISA published conditions that must be met before the US manufacturer's devices are allowed back on the network. This includes resetting to factory settings and updating to a bug-fixed version. Passwords and certificates also have to be reissued. CISA writes on…