Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

CISA: Here are 66 more security flaws actively being used by hackers - so get patching

28 Марта 2022 года Hi-network.com

The US Cybersecurity and Infrastructure Security Agency (CISA) has told federal agencies to patch 66 new security bugs based on evidence of active exploitation. 

These new 66 bugs join a growing list of bugs in the Known Exploited Vulnerabilities Catalog that covers technology typically used in enterprises, such as network security appliances. 

Recommends

  • Best VPN services
  • Best security keys
  • Best antivirus software
  • The fastest VPNs

Federal agencies have been given until April 15, 2022 to apply this batch of patches under the Binding Operational Directive aimed at reducing the significant risk of known exploited vulnerabilities. 

SEE:There's a critical shortage of women in cybersecurity, and we need to do something about it

The 66 bugs include recent and older flaws in networking kit and security appliances from D-Link, Cisco, Netgear, Citrix, Kuiper, Palo Alto, Sophos, Zyxel, plus enterprise software from Oracle, OpenBSD, VMware and others, as well as multiple Windows bugs.

Among the bugs are one affecting Watch Guard's Firefox and XTM appliances (CVE-2022-26318), one impacting Mitel's MiCollab, MiVoice Business Express Access Control Vulnerability (CVE-2022-26143), and the Windows Print Spooler Elevation of Privilege Vulnerability (CVE-2022-21999). 

The Mitel bug was being exploited for the TP240PhoneHome DDoS attack, which was capable of an amplification ratio of 4,294,967,296 to 1. It was observed being exploited in February and March. 

CISA last month gave agencies two weeks to fix a whopping 95 bugs. Again some were newly exploited while others have had patches available for several years. 

So, it looks like admins at federal agencies will have yet another busy few weeks finding and then patching systems. As part of its Shields Up initiative, CISA and the White House are encouraging all US organizations to step up patch and check multi-factor authentication configurations due to an increased threat from cyberattacks being directed at them by Russia.

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Горячие метки: Технологии и оборудование Безопасность и охрана

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.