Security Affairs

FEBRUARY 16, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog. Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure. Cisco addressed the flaw in May 2020.

Authentication 118

Authentication Hacking Cybersecurity Risk 118

Security Affairs

OCTOBER 5, 2023

CISA added JetBrains TeamCity and Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog. to its Known Exploited Vulnerabilities Catalog. An attacker can exploit the flaw to steal source code and stored service secrets and private keys of the target organization. and Windows bug CVE-2023-28229 (CVSS score: 7.0)

Authentication 114

Authentication Hacking Cybersecurity Software 114

Tech Republic Security

MARCH 17, 2022

CISA adds 15 known exploited vulnerabilities to its catalog and BlackBerry researchers warn of a new ransomware-as-a-service family. The post Cybersecurity news: LokiLocker ransomware, Instagram phishing attack and new warnings from CISA appeared first on TechRepublic.

Phishing 200

Phishing Ransomware Cybersecurity 200

The Hacker News

NOVEMBER 8, 2023

Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Cybersecurity 108

Cybersecurity 108

The Last Watchdog

MARCH 25, 2024

Recover (RC): Focuses on restoring capabilities or services that were impaired due to a cybersecurity incident. NIST has developed quick-start guides customized for various audiences, along with case studies showcasing successful implementations, and a searchable catalog of references, all aimed at facilitating the adoption of CSF 2.0

Cybersecurity 200

Cybersecurity Artificial Intelligence Risk Government 200

Security Affairs

FEBRUARY 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. The vulnerability CVE-2020-3259 is an information disclosure issue that resides in the web services interface of ASA and FTD.

Ransomware 130

Ransomware VPN Education Hacking 130

Security Affairs

JANUARY 18, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2023-6549 is a Denial of Service.

Authentication 121

Authentication VPN Software Engineering 121

Security Affairs

AUGUST 10, 2023

US CISA added zero-day vulnerability CVE-2023-38180 affecting.NET and Visual Studio to its Known Exploited Vulnerabilities catalog. affecting.NET and Visual Studio to its Known Exploited Vulnerabilities Catalog. Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

Hacking 95

Hacking Risk Cybersecurity Information Security 95

Security Affairs

OCTOBER 14, 2023

The US Agency is sharing this information in its known exploited vulnerabilities (KEV) catalog, which now integrates an additional attribute titled “known to be used in ransomware campaigns.” This list is different from the KEV catalog as it contains information not CVE based.” ” reads the announcement.

Ransomware 110

Ransomware Healthcare Manufacturing Education 110

Bleeping Computer

MARCH 31, 2023

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalog. [.]

109

109

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 94

Spyware Data breaches Hacking Ransomware 94

Security Affairs

DECEMBER 1, 2023

US CISA added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Surveillance 100

Surveillance Software Engineering Passwords 100

Security Affairs

MARCH 27, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog. ?. Follow me on Twitter: @securityaffairs and Facebook.

Cybersecurity 97

Cybersecurity Hacking Risk Information Security 97

Malwarebytes

JANUARY 19, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has added two Citrix NetScaler vulnerabilities to its Known Exploited Vulnerabilities catalog , and it has set the “due date” a week after they were added. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication are not impacted.

Authentication 102

Authentication VPN Internet Internet 102

Security Affairs

MARCH 8, 2023

US CISA added actively exploited flaws in Teclib GLPI, Apache Spark, and Zoho ManageEngine ADSelfService Plus to its Known Exploited Vulnerabilities Catalog. GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. and the Netherlands.

DDOS 98

DDOS IoT Software Internet 98

Security Affairs

JANUARY 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. In late 2023, Mandiant noticed that a VMware vmdird service crashed minutes prior to the deployment of the backdoors being deployed. reads the report published by Mandiant.

Firewall 120

Firewall Malware Hacking Cybersecurity 120

Malwarebytes

APRIL 5, 2022

On April 4 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2021-45382 to its known exploited vulnerabilities catalog. CISA catalog. The CISA catalog of known exploited vulnerabilities was set up to list the most important vulnerabilities that have proven to pose the biggest risks. Mitigation.

Firmware 145

Firmware Software Risk Authentication 145

Security Affairs

APRIL 15, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added Android and Novi Survey flaws to its Known Exploited Vulnerabilities catalog. Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure. CISA orders federal agencies to fix this flaw by May 4, 2023.

Education 89

Education Accountability Media Cybersecurity 89

Security Affairs

FEBRUARY 11, 2023

US CISA added actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS to its Known Exploited Vulnerabilities Catalog. is a denial-of-service (DoS) issue that resides in the Intel ethernet diagnostics driver for Windows IQVW32.sys The CVE-2015-2291 flaw (CVSS v3 score 7.8) sys and IQVW64.sys.

Healthcare 97

Healthcare Ransomware Authentication Hacking 97

Security Affairs

MAY 27, 2023

US CISA added recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities Catalog.

Hacking 94

Hacking Network Security Risk Cybersecurity 94

Security Affairs

JANUARY 11, 2023

US CISA added Microsoft Exchange elevation of privileges bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. CISA orders federal agencies to fix these vulnerabilities by January 31, 2023.

Ransomware 97

Ransomware Hacking Government Risk 97

Security Affairs

DECEMBER 16, 2022

US CISA added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog. Base Score 9.8), to its Known Exploited Vulnerabilities Catalog. Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

Backups 98

Backups Authentication Software Risk 98

Security Affairs

SEPTEMBER 17, 2022

Cybersecurity and Infrastructure Security Agency (CISA) adds new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including the bug used in the Stuxnet attacks. Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Pierluigi Paganini.

Hacking 98

Hacking Cybersecurity Risk Information Security 98

Security Affairs

MARCH 16, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) added 15 new flaws to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

VPN 97

VPN Network Security Hacking Cybersecurity 97

The Hacker News

AUGUST 10, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's.NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Cybersecurity 85

Cybersecurity 85

Security Affairs

NOVEMBER 22, 2023

US CISA adds Looney Tunables Linux flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Looney Tunables Linux vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. while processing the GLIBC_TUNABLES environment variable.

Cryptocurrency 103

Cryptocurrency Hacking Risk Cybersecurity 103

Security Affairs

JULY 4, 2022

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure. ” reads the advisory published by CISA.

Authentication 97

Authentication Risk Hacking Accountability 97

Security Affairs

MAY 16, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added seven new flaws to its Known Exploited Vulnerabilities catalog. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). CISA orders federal agencies to fix this flaw by June 2nd, 2023.

Wireless 93

Wireless DDOS Cybersecurity Hacking 93

Security Boulevard

NOVEMBER 15, 2023

CISA has put a spotlight on a high-severity Service Location Protocol (SLP) vulnerability. CISA has bumped it up to the Known Exploited Vulnerabilities catalog. Well, there’s evidence of bad actors actively taking advantage of it to pull off denial-of-service (DoS) attacks. Why the fuss?

Software 65

Software Cybersecurity 65

Security Affairs

JANUARY 24, 2023

US CISA added the Zoho ManageEngine RCE vulnerability CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog. The US CISA added the Zoho ManageEngine remote code execution flaw ( CVE-2022-47966 ) to its Known Exploited Vulnerabilities Catalog. CISA orders federal agencies to fix these vulnerabilities by February 13, 2023.

Hacking 97

Hacking Risk Information Security 97

Security Affairs

AUGUST 20, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added 7 new flaws to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) this week added seven new flaws to its Known Exploited Vulnerabilities Catalog, including a critical SAP security vulnerability tracked as CVE-2022-22536.

Risk 93

Risk Cybersecurity Authentication Hacking 93

Security Affairs

AUGUST 23, 2022

US Cybersecurity and Infrastructure Security Agency (CISA) added a flaw, tracked as CVE-2022-0028 , affecting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog. Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure. h2 >= 10.2.2-h2

Firewall 95

Firewall DDOS Cybersecurity Risk 95

Malwarebytes

JANUARY 12, 2024

Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. Take for example the vulnerability that has been added to the CISA catalog: CVE-2023-23752 was reported, and a fix was created in February 2023. But here we are, active exploitation is upon us.

Passwords 129

Passwords Firewall Marketing Authentication 129

Security Affairs

FEBRUARY 18, 2024

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders U.S.

Cybercrime 104

Cybercrime Ransomware Malware Data breaches 104

Security Affairs

MAY 20, 2023

US CISA added the vulnerability CVE-2023-21492 flaw affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. CISA also addressed the following issue in the latest turn: CVE-2004-1464 – Cisco IOS Denial-of-Service Vulnerability.

Internet 97

Internet Internet Mobile Hacking 97

Security Affairs

JANUARY 23, 2022

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Follow me on Twitter: @securityaffairs and Facebook.

Authentication 101

Authentication Hacking Government Cybersecurity 101

Malwarebytes

FEBRUARY 3, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) maintains a “ known exploited vulnerabilities catalog ” which can be useful if you need help prioritizing the patching of vulnerabilities. The directive established the catalog and bound everyone operating federal information systems to abide by it.

Software 80

Software Cybersecurity Internet Internet 80