U.S. CISA adds vulnerabilities in Apple devices exploited to install NSO Group’s Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerabilities chained in the zero-click iMessage exploit BLASTPASS to its Known Exploited Vulnerabilities Catalog. The two flaws, tracked as CVE-2023-41064 and CVE-2023-41061, were used to install NSO […]
US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-33246 (CVSS score 9.8) affecting Apache RocketMQ to its Known Exploited Vulnerabilities Catalog. Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. Threat actors […]
US CISA added critical vulnerability CVE-2023-26359 in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) affecting Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog. Adobe fixed the critical flaw in March 2023, it is a deserialization of untrusted data issue in Adobe ColdFusion that can […]
US CISA added critical vulnerability CVE-2023-24489 in Citrix ShareFile to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added critical flaw CVE-2023-24489 (CVSS score 9.8) affecting Citrix ShareFile to its Known Exploited Vulnerabilities Catalog. Citrix ShareFile is a secure file sharing and storage platform designed for businesses and professionals to collaborate on documents, exchange […]
US CISA added zero-day vulnerability CVE-2023-38180 affecting .NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited zero-day vulnerability CVE-2023-38180 (CVSS score 7.5) affecting .NET and Visual Studio to its Known Exploited Vulnerabilities Catalog. The vulnerability can be exploited to trigger a denial-of-service (DoS) condition, […]
US CISA added a second actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the second actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM, formerly MobileIron Core) vulnerability, tracked as CVE-2023-35081, to its Known Exploited Vulnerabilities Catalog. “The Cybersecurity and Infrastructure Security […]
US CISA added actively exploited Samsung and D-Link vulnerabilities to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added six Samsung and two D-Link vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of flaws added to the catalog: The CVE-2019-17621 flaw is a remote command execution flaw that resides in […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new security flaws to its Known Exploited Vulnerabilities Catalog. Below is the list of the issues added to the catalog: According to Binding Operational Directive (BOD) 22-01: Reducing the […]
US CISA added actively exploited Progress MOVEit Transfer zero-day vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a Progress MOVEit Transfer SQL injection vulnerability, tracked as CVE-2023-34362, to its Known Exploited Vulnerabilities Catalog. Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product […]
US CISA added three zero-day vulnerabilities affecting iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added three zero-day vulnerabilities affecting iPhones, Macs, and iPads to its Known Exploited Vulnerabilities Catalog. The three issues reside in the WebKit browser engine and are tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373. Below […]