CISA warns against actively exploited Chrome and D-Link security flaws

Shutterstock

The US Cybersecurity and Infrastructure Security Agency (CISA) has added 12 extra security flaws to its Regarded Exploited Vulnerabilities (KEV) catalog, including two critical D-Connection vulnerabilities and two (now-patched) zero-days in Google Chrome and the QNAP Picture Station.

Google issued an emergency security update for the zero-working day, tracked as CVE-2022-3075, on September 2. The flaw is reportedly the sixth zero-day chrome vulnerability observed by Google in 2022. 

✔ Approved Seller From Our Partners

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount

On September 5, QNAP NAS declared it has patched a zero-working day bug in its Photograph Station software program, tracked as CVE-2022-27593. The update follows a DeadBolt ransomware attack.

Two critical D-Hyperlink security flaws, beneath the monickers CVE-2022-28958 and CVE-2022-26258, can do the job as backdoors for the Mirai-based Moobot botnet to attain choose comprehensive regulate over unpatched units.

Presented the severity, all Federal Civilian Government Branch Agencies (FCEB) organizations must patch their systems versus the aforementioned security bugs in conformity with the binding operational directive (BOD 22-01) published in November. The very last date for issuing the patches is September 29.

Although DHS’ BOD 22-01 only applies to FCEB companies, the cybersecurity agency strongly urges U.S. corporations in each the personal and community sectors to prioritize patching to limit more attacks.

“These varieties of vulnerabilities are a frequent attack vector for malicious cyber actors and pose a important risk to the federal enterprise,” the US cybersecurity agency spelled out Thursday.

The CISA has additional 800 security flaws to its catalog of bugs exploited in attacks since it issued its binding directive in November, demanding federal organizations to resolve them on a far more repeated foundation.