• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cisa adds 41 vulnerabilities to catalog of exploited bugs

CISA adds 41 vulnerabilities to catalog of exploited bugs

You are here: Home / General Cyber Security News / CISA adds 41 vulnerabilities to catalog of exploited bugs
May 27, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) extra 41 vulnerabilities to its catalog of recognised exploited bugs this week.

The batch is a person of the major to be included to the record because the firm commenced compiling it back in November past calendar year, with the additions including bugs relating to the likes of Microsoft, Apple, Google, Cisco, Adobe, Fb, WhatsApp, Mozilla, Kaseya, Artifex, and QNAP.

The dates of these vulnerabilities array from 2016 to 2021, with the CISA providing federal companies right up until June 13 and 14 to supply patches and “reduce their publicity to cyber attacks”.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The organisation says it provides exploited vulnerabilities “when they turn into known”. issue to an government critique and when they satisfy three key thresholds: the vulnerability has an assigned Widespread Vulnerabilities and Exposures (CVE) ID, there is reputable proof that it has been actively exploited in the wild, and when there is distinct remediation action for the bug.

The oldest of the batch dates again to 2016 and issues a Microsoft Internet Explorer Disclosure Vulnerability titled CVE-2016-0162, utilised to allow remote attackers to establish the existence of information by way of crafted JavaScript code.

The most modern listing is a Cisco IOS XR open up port vulnerability (CVE-2022-20821), which was fixed final week. This bug is used to allow an unauthenticated, remote attacker to access the Redis instance that is jogging in the NOSi container.

Elsewhere, two Android Linux Kernel flaws were being also added – CVE-2021-1048 and CVE-2021-0920 – which have been known to only be utilised in minimal attacks against Android equipment.

CISA also stated the Windows elevation of privileges vulnerability (CVE-2020-0638). Even with remaining disclosed back in 2020, the flaw was continue to becoming made use of by ransomware gang Conti as portion of corporate attacks this yr.

The listing of vulnerabilities ended up added to the catalog in two components, with CISA supplying federal organizations until eventually June 13th for the 21 additional on Monday, and until finally June 14th for the 20 detailed on Tuesday.


Some sections of this short article are sourced from:
www.itpro.co.uk

Previous Post: «intuit issues yet another phishing warning to quickbooks customers Intuit issues yet another phishing warning to QuickBooks customers
Next Post: Survey Evidences Leaders Lack Confidence in Cyber-Risk Management Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
  • How to Interpret the 2023 MITRE ATT&CK Evaluation Results
  • Iranian Nation-State Actor OilRig Targets Israeli Organizations
  • High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
  • Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
  • Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
  • The Rise of the Malicious App
  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
  • Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

Copyright © TheCyberSecurity.News, All Rights Reserved.