CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang

A ransomware group is actively exploiting an unpatched flaw in security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order all civilian agencies to remediate the vulnerability by end of day Wednesday. Cybersecurity firm Check Point Software said the bug affects several of its remote access tools, firewalls, and VPNs , which act as digital gatekeepers to protect company networks from unauthorized access. …