A leading US security agency has issued an emergency directive requiring all of the government’s civilian federal agencies to mitigate two zero-days under active exploitation. Emergency Directive 24-01 was issued on Friday in response to “widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure.” CISA director, Jen Easterly, argued that the vulnerabilities pose “significant, unacceptable risks” not only to government agencies but all organizations.

Source: Infosecurity