NOTE: With the addition of these eight vulnerabilities, there is now a total of 351 exploited vulnerabilities listed in CISA's Known Exploited Vulnerabilities Catalog.
CISA adds 8 vulnerabilities to list of actively exploited bugs
The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new.
The goal of publishing these vulnerabilities is to raise awareness and remind federal organizations of their obligation to apply security updates by a specified strict deadline.
As all of the vulnerabilities in the catalog are leveraged in active threats and current cyber-attacks, they carry a significant risk to organizations, allowing the takeover of mobile devices, network access, the ability to execute commands remotely.
The eight flaws added by CISA last week are listed below:
CVE ID | Description | Patch Deadline |
CVE-2022-22587 | Apple IOMobileFrameBuffer Memory Corruption Vulnerability | 2/11/2022 |
CVE-2021-20038 | SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | 2/11/2022 |
CVE-2014-7169 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
CVE-2014-6271 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | 7/28/2022 |
CVE-2014-1776 | Microsoft Internet Explorer Use-After-Free Vulnerability | 7/28/2022 |
CVE-2020-5722 | Grandstream Networks UCM6200 Series SQL Injection Vulnerability | 7/28/2022 |
CVE-2017-5689 | Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability | 7/28/2022 |
The most recent vulnerability, CVE-2022-22587, was discovered in 2022 and is a memory corruption flaw in the IOMobileFrameBuffer affecting iOS, iPadOS, and macOS "Monterey."
Apple released a security update to fix the zero-day last Wednesday, warning that it is actively exploited in attacks. Due to the potential impact of this vulnerability on devices with wide circulation, CISA has given federal agencies until February 11, 2022, to apply the security updates.
CISA also added the CVE-2021-20038 vulnerability affecting SonicWall SMA 100 Appliances after it was discovered that threat actors were actively scanning for and attempting to exploit the vulnerability. As a result, CISA also requires agencies to patch this bug by February 11, 2022.
Some attempts itw on CVE-2021-20038 (SonicWall SMA RCE). Also some password spraying of default passwords from the past few days
— Rich Warren (@buffaloverflow) January 24, 2022
Remember to update AND change default passwords :) pic.twitter.com/WyDIXVKb4m
Of the older flaws, CVE-2013-6271 holds special significance for being a reliable long-term intrusion channel for adversaries.
It surfaced again via the 'Sea Turtle' campaign, which took place between 2017 and 2019, being among a set of flaws exploited in the context of global-scale sophisticated DNS hijacking attacks.
It appears that many system administrators still find it practically challenging to apply the fixing updates after almost eight years since they were first made publicly available.
With the addition of these eight vulnerabilities, there is now a total of 351 exploited vulnerabilities listed in CISA's Known Exploited Vulnerabilities Catalog
Over 20,000 data center management systems exposed to hackers
Researchers have found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software that monitor devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks.
- January 29, 2022
- 11:08 AM
- 0
-
QNAP: DeadBolt ransomware exploits a bug patched in December
Taiwan-based network-attached storage (NAS) maker QNAP urges customers to enable firmware auto-updating on their devices to defend against active attacks.
- January 31, 2022
- 02:28 PM
- 0
Microsoft Office 365 to add better protection for priority accounts
Microsoft is working on updating Microsoft Defender for Office 365 with differentiated protection for enterprise accounts tagged as critical for an organization (i.e., accounts of high-profile employees including executive-level managers, the ones most often targeted by attackers).
- January 31, 2022
- 12:17 PM
- 0
Russian 'Gamaredon' hackers use 8 new malware payloads in attacks
The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities.
- January 31, 2022
- 11:14 AM
- 1
277,000 routers exposed to Eternal Silence attacks via UPnP
A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors.
- January 31, 2022
- 10:40 AM
- 0
Researchers use GPU fingerprinting to track users online
A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking.
- January 30, 2022
- 10:12 AM
- 0
FTC: Americans lost $770 million from social media fraud surge
Americans are increasingly targeted by scammers on social media, according to tens of thousands of reports received by the US Federal Trade Commission (FTC) in 2021.
- January 30, 2022
- 10:00 AM
- 0
Federal infra funding should focus more on performance