Cyber Security News Aggregator
.Cyber Tzar
provide acyber security risk management
platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
CISA Adds 15 New Flaws to its Actively Exploited Vulnerabilities Catalog
published on 2022-01-12 11:02:20 UTC by CISOMAGContent:
Unresolved security issues serve as frequent attack vectors for opportunistic cybercriminals. It is known that threat actors often target publicly known or unpatched security vulnerabilities to break into organizations’ critical network systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added 15 new security flaws to its Known Exploited Vulnerabilities Catalog, which adversaries are actively exploiting. The agency stated that these vulnerabilities have become a constant attack vector for malicious actors and pose a significant risk to federal enterprises.
The Newly Added Vulnerabilities Include:
CVE Number |
CVE Description |
| CVE-2021-22017 | VMware vCenter Server Improper Access Control Vulnerability |
| CVE-2021-36260 | Hikvision Improper Input Validation Vulnerability |
| CVE-2021-27860 | FatPipe WARP, IPVPN, and MPVPN Privilege Escalation vulnerability |
| CVE-2020-6572 | Google Chrome prior to 81.0.4044.92 Use-After-Free Vulnerability |
| CVE-2019-1458 | Microsoft Win32K Elevation of Privilege Vulnerability |
| CVE-2019-7609 | Elastic Kibana Remote Code Execution Vulnerability |
| CVE-2019-2725 | Oracle WebLogic Server, Injection Vulnerability |
| CVE-2019-9670 | Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference Vulnerability |
| CVE-2019-10149 | Exim Mail Transfer Agent (MTA) Improper Input Validation Vulnerability |
| CVE-2019-1579 | Palo Alto Networks PAN-OS Remote Code Execution Vulnerability |
| CVE-2018-13383 | Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability |
| CVE-2018-13382 | Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability |
| CVE-2017-1000486 | Primetek Primefaces Application Remote Code Execution Vulnerability |
| CVE-2015-7450 | IBM WebSphere Application Server and Server Hy Server Hypervisor Edition Remote Code Execution Vulnerability |
| CVE-2013-3900 | Elastic Kibana Remote Code Execution Vulnerability |
Age-Old Bugs
Of the 15, four vulnerabilities were disclosed between 2020 and 2021, and the rest date back to 2013 and 2015. Some of the newly added vulnerabilities are rated as medium risks in severity. CISA urged federal agencies to address these susceptibilities as early as possible by applying the available patches to prevent ongoing cyberthreats.
Also Read: These are the Routinely Exploited Vulnerabilities in 2020 and 2021
CISA’s Binding Operational Directive
CISA recently issued a Binding Operational Directive (BOD) to reduce the risk of actively exploited vulnerabilities. The new Directive, which applies to all software and hardware found on federal information systems, requires federal civilian agencies to remediate such vulnerabilities within specific timeframes. According to CISA, over 18,000 vulnerabilities were identified in 2020. Public and private sector organizations find it difficult to remediate the growing security flaws. From 2015-2018, the number of new flaws surged from 6,487 to 17,305, and 9,883 of these were rated high and critical. Read More Here…
The post CISA Adds 15 New Flaws to its Actively Exploited Vulnerabilities Catalog appeared first on CISO MAG | Cyber Security Magazine.
https://cisomag.eccouncil.org/cisa-adds-15-new-flaws-to-its-actively-exploited-vulnerabilities-catalog/
Published: 2022 01 12 11:02:20
Received: 2022 01 12 11:06:59
Feed: Ciso Mag - All
Source: CISO Mag
Category: Cyber Security
Topic: Cyber Security
Views: 1
