CISA Adds Four Known Exploited Vulnerabilities to Catalog

by | Jan 21, 2022 | Security, Technology

This article is contributed. See the original author and article here.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number CVE Title Required Action Due Date
CVE-2006-1547 Apache Struts 1 ActionForm Denial of Service Vulnerability 07/21/2022
CVE-2012-0391 Apache Struts 2 Improper Input Validation Vulnerability 07/21/2022
CVE-2018-8453 Microsoft Windows Win32k Privilege Escalation Vulnerability 07/21/2022
CVE-2021-35247 SolarWinds Serv-U Improper Input Validation Vulnerability 02/04/2022

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

F5 Releases January 2022 Quarterly Security Notification

by | Jan 20, 2022 | Security, Technology

This article is contributed. See the original author and article here.

F5 has released its January 2022 Quarterly Security Notification addressing vulnerabilities affecting multiple versions of BIG-IP, BIG-IQ, and NGINX Controller API Management. A remote attacker could exploit these vulnerabilities to either deny service to, or take control of, an affected system.

CISA encourages users and administrators to review the F5 security advisory and install updated software or apply the necessary mitigations as soon as possible.

Drupal Releases Security Updates

by | Jan 20, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Drupal has released security updates to address vulnerabilities affecting Drupal 7, 9.2, and 9.3. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Drupal security advisories and apply the necessary updates.

Google Releases Security Updates for Chrome

by | Jan 20, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Google has released Chrome version 97.0.4692.99 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.

Cisco Releases Security Updates for Multiple Products

Cisco Releases Security Updates for Multiple Products

by | Jan 20, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

SSL

Secure .gov websites use HTTPS A lock (lock icon) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.