CISA cautioned last month about threat actors exploiting multiple Ivanti vulnerabilities
'Assume a sophisticated threat actor may deploy rootkit level persistence'
CISA's directive gives federal agencies until 23rd January to implement measures against these vulnerabilities
Group installs custom malware on routers to compromise firms
Apple issues emergency updates after spyware attack observed using zero-day vulnerability
Unauthenticated attackers are able to upload arbitrary files to compromised systems
Follows a request made by Senator Wyden to initiate measures against Microsoft
Fortinet, Exchange Server and Atlassian flaws are in the top 12 compiled by Five Eyes intelligence agencies
Patch now, urges CISA
Senator Wyden also says Microsoft never took responsibility for its part in the SolarWinds hack