US security agency warns hackers are exploiting Microsoft, Apple bugs


The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are currently exploiting vulnerabilities in products from top tech companies like Microsoft, Oracle, Apache and Apple, among others. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” CISA said in a statement.

CISA added 15 major flaws to its “Known Exploited Vulnerabilities Catalog”, which the US cybersecurity arm releases yearly. Most of the vulnerabilities were disclosed in 2014, 2015, 2016, 2017, 2018 and 2020. These exploits affect Windows, Jenkins, Apache Struts and ActiveMQ, Oracle’s WebLogic, Microsoft Office, D-Link routers, and Apple’s OS X operating system.

The most recent Microsoft vulnerability, CVE-2021-36934, which Microsoft patched in August 2021, was also added to the list. CVE is short for Common Vulnerabilities and Exposures. It is a list of publicly disclosed computer security flaws. It should be noted that Microsoft had initially released workarounds and mitigations in July 2021, when the issue was disclosed.

According to CISA, federal agencies are now required to patch their systems against this actively exploited vulnerability impacting.

“The catalog is a living list of known CVEs that carry significant risk to the federal enterprise. It requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats,” CISA said.

Meanwhile, CISA has strongly urged all organizations to reduce their exposure to cyberattacks by “prioritising timely remediation of vulnerabilities as part of their vulnerability management practice.”

A few days ago, CISA, together with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Center (ACSC), and the United Kingdom’s National Cyber Security Center (NCSC-UK), issued a joint Cybersecurity Advisory outlining the growing global threat posed by ransomware over the past 12 months.

The advisory, titled “2021 Trends Show Increased Globalised Threat of Ransomware”, said “cybercriminals are increasingly gaining access to networks via phishing, stolen Remote Desktop Protocols (RDP) credentials or brute force, and exploiting software vulnerabilities.”

With inputs from TheIndianEXPRESS
