
Organizations Urged to Fix 41 Vulnerabilities Added to CISA’s Catalog of Exploited Flaws

May 25, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws this week.

The US federal agency has urged all organizations to remediate these vulnerabilities immediately to “reduce their exposure to cyber-attacks.” Federal Civilian Executive Branch (FCEB) agencies are required by law to remediate all vulnerabilities in the catalog by the specified due date.

The newly added vulnerabilities span six years, with the oldest disclosed in 2016. This is a Microsoft Internet Explorer Information Disclosure Vulnerability named CVE-2016-0162.


The most recent was a Cisco IOS XR open port vulnerability (CVE-2022-20821), which was fixed last week. This allows attackers to connect to the Redis instance on the open port and gain access to the Redis instance that is running within the NOSi container.

The Windows elevation of privilege vulnerability CVE-2020-0638 was disclosed in 2020 but was still being used by the Conti ransomware gang for their attacks on corporate networks this year.

Other noteworthy vulnerabilities newly added to the catalog are two Android Linux Kernel flaws: CVE-2021-1048 and CVE-2021-0920. These are only known to be used in limited attacks against Android devices.

The rest of the flaws relate to software products from Cisco, Microsoft, Apple, Google, Mozilla, Facebook, Adobe and Webkit GTK. These range from 2018 to 2021.

Federal agencies are required to patch the 21 vulnerabilities added on Monday, May 23 by June 13, while the 20 added on Tuesday, May 24 must be fixed by June 14.

Commenting on the announcement, Kev Breen, director of cyber threat research at Immersive Labs, said: “CISA adding 41 vulnerabilities to its catalog of known exploited flaws used in cyber-attacks is unsurprising since attackers are well versed at finding vulnerabilities, old and new, to exploit in their malicious campaigns.”

He continued: “As threat actors continue to use vulnerabilities in attacks, the well-trodden advice is to install updates on all devices. And, while focusing on core cybersecurity hygiene factors like patching will help organizations bolster their cyber resilience, attackers are ingenious at finding new entry points to systems long before they emerge as compromised.

“Organizations must do more than just focusing IT teams on updates and patching. The entire workforce needs elevating in the fight against growing cyber risk. Remaining resilient in an ever-changing threat environment requires the optimization of human cyber knowledge, skills and judgment across the entire organization when it comes to preparing for, responding to and remediating against cyber threats, whatever their form.”


Some parts of this article are sourced from:
www.infosecurity-magazine.com
