CISA warning: Hackers are exploiting these 36 “significant” cybersecurity vulnerabilities – so patch now

The United States Cybersecurity and Infrastructure Agency (CISA) has added 36 new flaws to its catalog of vulnerabilities that are known to be exploited by cyber criminals. 

The CISA alert warns that the vulnerabilities are a frequent attack vector for malicious attackers and pose “significant risk”. Organisations, particularly those associated with federal government, are urged to apply the security updates as soon as possible. 

“CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of catalog vulnerabilities as part of their vulnerability management practice,” said CISA.

SEE: Cloud computing dominates. But security is now the biggest challenge

Among the 36 vulnerabilities that have been added are vulnerabilities in software and products from Microsoft, Google, Adoble, Cisco, Netgear, QNAP and others.  

Vulnerabilities in Microsoft products include CVE-2012-4969, a vulnerability in Internet Explorer that allows remote execution of code, and CVE-2013-1331, a buffer overflow vulnerability in Microsoft Office that allows cyber criminals to launch remote attacks. CVE-2012-0151, a flaw in the Authenticode Signature Verification function in Microsoft Windows that allows user-assisted attackers to execute remote code, has also been added to the catalog.  

The CISA alert also addresses several vulnerabilities in Google’s Chromium V8 Engine, including CVE-2016-1646 and CVE-2016-5198, which allow remote attackers to cause a denial of service, as well as flaws like CVE-2018-17463 and CVE-2017-5070, which, if left unpatched, allow attackers to remotely execute code that they could exploit to access networks. 

Several vulnerabilities in Adobe software have been added to the catalog, including CVE-2009-4324, a flaw in Adobe Acrobat and Reader, which allows remote attackers to execute code via a crafted PDF file, and CVE-2010-1297, a memory corruption vulnerability in Adobe Flash Player that allows remote attackers to execute code or cause denial of service. 

Several flaws in routers and other internet-connected devices have also been added to CISA’s catalog, including CVE-2017-6862, which is a buffer overflow vulnerability in multiple Netgear devices that allows for authentication bypass and remote code execution, and CVE-2019-15271, a flaw in Cisco RV series routers that could allow an attacker to execute code with root privileges. 

SEE: Don’t let your cloud cybersecurity choices leave the door open for hackers

CISA also warns about a number of vulnerabilities in QNAP products, including CVE-2019-7192, a flaw in QNAP Network Attached Storage (NAS) devices running Photo Station, which contains an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.  

The full list of all 36 vulnerabilities has been detailed in CISA’s known exploited vulnerabilities catalog

Cybersecurity bodies like CISA often say that applying cybersecurity patches that fix known vulnerabilities is one of the best ways to stay protected from cyberattacks.  

MORE ON CYBERSECURITY

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.