Security News

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.The high-severity vulnerability, tracked as CVE-2022-0028, is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out reflected and amplified TCP denial-of-service attacks.

The security issue is a high-severity risk identified as CVE-2022-0028 that allows a remote threat actor to deploy reflected and amplified denial-of-service attacks without having to authenticate. While exploiting the flaw can only cause a DoS condition on the affected device, it has already been used for at least one attack.

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The issue in question is CVE-2022-22536, which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch Tuesday updates for February 2022.

The U.S. Cybersecurity and Infrastructure Security Agency has added seven vulnerabilities to its list of bugs actively exploited by hackers, with the new flaws disclosed by Apple. The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities shared by CISA that are known to be actively exploited in cyberattacks and must be patched by Federal Civilian Executive Branch agencies.

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333, the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.

It's time to reorganize the US government and create a new agency focused solely on on digital risk management services, according to former CISA director Chris Krebs. Or, if that's too ambitious for Uncle Sam, Krebs proposed to at least pull CISA out of the Department of Homeland Security and make it a sub-cabinet agency that's allowed to operate independently.

The U.S. Cybersecurity and Infrastructure Security Agency has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation. Officially tracked as CVE-2022-34713 and informally referred to as DogWalk, the security flaw in MSDT allows an attacker to place a malicious executable into the Windows Startup folder.

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924, a command injection flaw in the platform that could lead to the execution of arbitrary Memcached commands and theft of sensitive information.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center instances.

CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. Today, CISA added the CVE-2022-26138 to its catalog of Known Exploited Vulnerabilities based on evidence of active exploitation.