The Cyber Security News

CISA Flags 6 Vulnerabilities – Apple, Apache, Adobe, D-Link, Joomla Under Attack

January 10, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution. It was fixed in version 2.1.

Details of the issue first came to light in April 2023, with Horizon3.ai’s Naveen Sunkavally describing it as a “risky default configuration in Apache Superset that enables an unauthenticated attacker to acquire remote code execution, harvest credentials, and compromise details.”


It is currently not known how the vulnerability is being exploited in the wild. Also added by CISA are five other flaws:

  • CVE-2023-38203 (CVSS score: 9.8) – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
  • CVE-2023-29300 (CVSS score: 9.8) – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
  • CVE-2023-41990 (CVSS score: 7.8) – Apple Multiple Products Code Execution Vulnerability
  • CVE-2016-20017 (CVSS score: 9.8) – D-Link DSL-2750B Devices Command Injection Vulnerability
  • CVE-2023-23752 (CVSS score: 5.3) – Joomla! Improper Access Control Vulnerability

It is worth noting that CVE-2023-41990, patched by Apple in iOS 15.7.8 and iOS 16.3, was used by unknown actors as part of the Operation Triangulation spyware attacks to achieve remote code execution when processing a specially crafted iMessage PDF attachment.

Federal Civilian Executive Branch (FCEB) agencies have been advised to apply fixes for the aforementioned bugs by January 29, 2024, to secure their networks against active threats.



Some parts of this article are sourced from:
thehackernews.com
