CISA orders agencies to patch Chrome, D-Link flaws used in attacks
CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two zero-days in Google Chrome and the QNAP Photo Station software.
The Google Chrome zero-day was patched on September 2nd via an emergency security update after the company was made aware of in-the-wild exploitation.
On Monday, network-attached storage appliance maker QNAP warned its customers that it had patched a zero-day bug in the widely used Photo Station software, tracked as CVE-2022-27593 and actively exploited in widespread DeadBolt ransomware attacks.
Now that these flaws have been added to CISA's Known Exploited Vulnerabilities catalog, all Federal Civilian Executive Branch agencies must patch their systems against these security bugs exploited in the wild, according to a binding operational directive published in November.
The federal agencies were given three weeks, until September 29th, to ensure that exploitation attempts would be blocked.
Since this binding directive was issued in November, CISA has added more than 800 security flaws to its catalog of bugs exploited in attacks, requiring federal agencies to patch them on a tighter schedule to block security breaches.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-08 | CVE-2022-27593 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in QNAP Photo Station. An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. | 0.0 |