The Cyber Security News


CISA adds 41 vulnerabilities to catalog of exploited bugs

May 27, 2022


The Cybersecurity and Infrastructure Security Agency (CISA) added 41 vulnerabilities to its catalog of known exploited bugs this week.

The batch is one of the largest to be added to the list since the agency began compiling it back in November last year, with the additions including bugs relating to the likes of Microsoft, Apple, Google, Cisco, Adobe, Facebook, WhatsApp, Mozilla, Kaseya, Artifex, and QNAP.


The dates of these vulnerabilities range from 2016 to 2021, with CISA giving federal agencies until June 13 and 14 to apply patches and “reduce their exposure to cyber attacks”.

The organisation says it adds exploited vulnerabilities “when they become known”, subject to an executive review and when they satisfy three key thresholds: the vulnerability has an assigned Common Vulnerabilities and Exposures (CVE) ID, there is reliable evidence that it has been actively exploited in the wild, and there is clear remediation action for the bug.

The oldest of the batch dates back to 2016 and concerns a Microsoft Internet Explorer Disclosure Vulnerability tracked as CVE-2016-0162, which allows remote attackers to determine the existence of information via crafted JavaScript code.

The most recent listing is a Cisco IOS XR open port vulnerability (CVE-2022-20821), which was fixed last week. This bug allows an unauthenticated, remote attacker to access the Redis instance that is running in the NOSi container.

Elsewhere, two Android Linux kernel flaws were also added (CVE-2021-1048 and CVE-2021-0920), which are known to have been used only in limited attacks against Android devices.

CISA also listed the Windows elevation of privilege vulnerability (CVE-2020-0638). Despite being disclosed back in 2020, the flaw was still being used by ransomware gang Conti as part of corporate attacks this year.

The vulnerabilities were added to the catalog in two parts, with CISA giving federal agencies until June 13th for the 21 added on Monday, and until June 14th for the 20 listed on Tuesday.


Some parts of this article are sourced from:
www.itpro.co.uk
