Featured in this episode of Tech News of the Week
Stop me if you’ve heard this one before: Network hardware company is identified as having a crucial security bug- crucial enough that the recommended fix is to stop using it completely. This was worse the last time it happened, back when we were told to basically nuke all Barracuda Email Secure Gateways from orbit.
THIS time around, a crucial security bug was found in Ivanti’s Connect Secure and Policy Secure products, such that the fix required by CISA is “unplug them immediately and do a force factory reset before even considering using them again.”
In both cases there were authentication bypass and command injection vulnerabilities that would allow full administrative control from anywhere. Since these products are internet facing.. Well. Lets just say it makes sense that the best thing to do is turn them off immediately.
If you’re keeping score at home you might think this is redundant, as this bug first made the news 2 weeks ago. This is an update to the same bug, as the original notice stated that a temporary workaround would be sufficient. Suffice it to say… it was not.