Latest Cyber Security News

You are here: Home / General Cyber Security News / CISA adds 41 vulnerabilities to catalog of exploited bugs
May 27, 2022

A digital version of the US flag, the right side of which has been transformed to binary code

The Cybersecurity and Infrastructure Security Agency (CISA) extra 41 vulnerabilities to its catalog of recognised exploited bugs this week.

The batch is a person of the major to be included to the record because the firm commenced compiling it back in November past calendar year, with the additions including bugs relating to the likes of Microsoft, Apple, Google, Cisco, Adobe, Fb, WhatsApp, Mozilla, Kaseya, Artifex, and QNAP.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The dates of these vulnerabilities array from 2016 to 2021, with the CISA providing federal companies right up until June 13 and 14 to supply patches and “reduce their publicity to cyber attacks”.

The organisation says it provides exploited vulnerabilities “when they turn into known”. issue to an government critique and when they satisfy three key thresholds: the vulnerability has an assigned Widespread Vulnerabilities and Exposures (CVE) ID, there is reputable proof that it has been actively exploited in the wild, and when there is distinct remediation action for the bug.

The oldest of the batch dates again to 2016 and issues a Microsoft Internet Explorer Disclosure Vulnerability titled CVE-2016-0162, utilised to allow remote attackers to establish the existence of information by way of crafted JavaScript code.

The most modern listing is a Cisco IOS XR open up port vulnerability (CVE-2022-20821), which was fixed final week. This bug is used to allow an unauthenticated, remote attacker to access the Redis instance that is jogging in the NOSi container.

Elsewhere, two Android Linux Kernel flaws were being also added – CVE-2021-1048 and CVE-2021-0920 – which have been known to only be utilised in minimal attacks against Android equipment.

CISA also stated the Windows elevation of privileges vulnerability (CVE-2020-0638). Even with remaining disclosed back in 2020, the flaw was continue to becoming made use of by ransomware gang Conti as portion of corporate attacks this yr.

The listing of vulnerabilities ended up added to the catalog in two components, with CISA supplying federal organizations until eventually June 13th for the 21 additional on Monday, and until finally June 14th for the 20 detailed on Tuesday.


Some sections of this short article are sourced from:
www.itpro.co.uk

Reader Interactions

Leave a Reply

Your email address will not be published.