CISA orders U.S. agencies to patch exploited Check Point VPN zero-day within 3 days

AI-Generated Summary

2 sources

14 hours ago

1 views

CISA orders U.S. agencies to patch exploited Check Point VPN zero-day within 3 days

Key Points

CISA directs U.S. federal agencies to patch and mitigate a Check Point Remote Access VPN and Mobile Access vulnerability.
The vulnerability is described as a zero-day that is actively exploited in real-world attacks.
Reporting attributes exploitation to ransomware-linked activity associated with Qilin affiliates.
Check Point reports attackers have compromised dozens of organizations using the VPN flaw.
CISA requires remediation within a three-day timeframe.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) orders federal agencies to address a critical vulnerability in Check Point Remote Access VPN and Mobile Access deployments that is being exploited in ongoing attacks. According to reporting cited by both outlets, the issue is actively used as a zero-day to compromise victims, including organizations across the U.S. government. CISA instructs agencies to patch the affected systems and take mitigation steps within a three-day window.

The exploitation is attributed to ransomware affiliates connected to Qilin, which are described as using the VPN flaw to gain access and then deploy ransomware operations. TechCrunch reports that Check Point said attackers breached dozens of organizations by exploiting the vulnerability in products deployed across government environments. Bleeping Computer similarly describes CISA’s directive as a response to evidence that the vulnerability is under active exploitation.

Both sources frame the action as an urgent federal cybersecurity measure, emphasizing the need for immediate remediation of the vulnerable VPN components to limit further intrusions and potential ransomware impact.

How Outlets Covered This Story

TEC

TechCrunch

CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang

Check Point said hackers broke into dozens of organizations by exploiting a VPN bug in several of its products used across the government.

6 hours ago

BLE

Bleeping Computer

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]

15 hours ago

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

CISA orders U.S. agencies to patch exploited Check Point VPN zero-day within 3 days

TechRadar publishes daily Quordle hints and answers for multiple dates

NYT Connections and Strands puzzles: hints and answers published across multiple outlets

NYT Strands daily guides provide hints, clues, and answers for multiple dates