Organizations Urged to Fix 41 Vulnerabilities Added to CISA’s Catalog of Exploited Flaws

May 25, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws this week.

The US federal agency has urged all organizations to remediate these vulnerabilities immediately to “reduce their exposure to cyber-attacks.” Federal Civilian Executive Branch (FCEB) agencies are required by law to remediate all vulnerabilities in the catalog by the specified due date.

The newly added vulnerabilities span six years, with the oldest disclosed in 2016. This is a Microsoft Internet Explorer Information Disclosure Vulnerability tracked as CVE-2016-0162.


The most recent was a Cisco IOS XR open port vulnerability (CVE-2022-20821), which was fixed last week. It allows attackers to connect through the open port to the Redis instance that is running within the NOSi container.

The Windows elevation of privilege vulnerability CVE-2020-0638 was disclosed in 2020 but was still being used by the Conti ransomware gang in its attacks on corporate networks this year.

Other notable vulnerabilities newly added to the catalog are two Android Linux Kernel flaws: CVE-2021-1048 and CVE-2021-0920. These are only known to be used in limited attacks against Android devices.

The rest of the flaws relate to software products from Cisco, Microsoft, Apple, Google, Mozilla, Facebook, Adobe and Webkit GTK. These range from 2018 to 2021.

Federal agencies are required to patch the 21 vulnerabilities added on Monday May 23 by June 13, while the 20 added on Tuesday May 24 must be fixed by June 14.

Commenting on the announcement, Kev Breen, director of cyber threat research at Immersive Labs, said: “CISA adding 41 vulnerabilities to its catalog of known exploited flaws used in cyber-attacks is unsurprising since attackers are well versed at finding vulnerabilities, old and new, to exploit in their malicious campaigns.”

He continued: “As threat actors continue to use vulnerabilities in attacks, the well-trodden advice is to install updates on all devices. And, while focusing on core cybersecurity hygiene factors like patching will help organizations bolster their cyber resilience, attackers are ingenious at finding new entry points to systems long before they emerge as compromised.

“Organizations must do more than just focusing IT teams on updates and patching. The entire workforce needs elevating in the fight against growing cyber risk. Remaining resilient in an ever-changing threat environment requires the optimization of human cyber knowledge, skills and judgment across the entire organization when it comes to preparing for, responding to and remediating against cyber threats, whatever their form.”


Some parts of this article are sourced from:
www.infosecurity-magazine.com
