Security News > 2022 > September > CISA orders agencies to patch Chrome, D-Link flaws used in attacks
CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two zero-days in Google Chrome and the Photo Station QNAP software.
The Google Chrome zero-day was patched on September 2nd via an emergency security update after the company was made aware of in-the-wild exploitation.
On Monday, QNAP network-attached storage appliance maker warned its customers that it patched a zero-day bug in the widely used Photo Station software, tracked as CVE-2022-27593, and actively exploited in widespread DeadBolt ransomware attacks.
After being added to CISA's to its Known Exploited Vulnerabilities catalog, all Federal Civilian Executive Branch Agencies agencies now must patch their systems against these security bugs exploited in the wild according to a binding operational directive published in November.
The federal agencies were given three weeks, until September 29th, to ensure that exploitation attempts would be blocked.
Since this binding directive was issued in November, CISA has added more than 800 security flaws to its catalog of bugs exploited in attacks, requiring federal agencies to patch them on a tighter schedule to block security breaches.
News URL
Related news
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-08 | CVE-2022-27593 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Qnap Photo Station An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. | 9.1 |