Security Alert for Ivanti Users

Important Security Alert for Ivanti Users

This message is for Australian organisations using Ivanti products.

Ivanti, a technology company, has discovered a serious security issue (called a vulnerability) in some of its products:

• Ivanti Connect Secure
• Ivanti Policy Secure
• Ivanti Neurons for ZTA
• Pulse Connect Secure (version 9.1X – which is no longer supported after 31 December 2024)

This security issue is being actively used by cybercriminals, meaning some systems could already be at risk.

What’s the problem?
The issue is a flaw that can be used by hackers to get into affected systems without needing a password. Ivanti has confirmed that attackers are already trying to use this flaw.

What should you do?

If your organisation uses any of the Ivanti products listed above, the Australian Cyber Security Centre (ACSC) recommends:

1. Follow Ivanti’s instructions for fixing the issue (these are on their website).
2. Update your systems with the latest security patches.
3. Make sure devices are set up properly to avoid easy access by hackers.
4. Check your systems for any unusual or suspicious activity that could mean an attacker has already broken in.
5. Keep an eye on connected systems for anything out of the ordinary.

‍