Security News

The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching
2024-05-07 11:30

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
2023-11-17 05:57

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active...

CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks
2023-08-17 05:10

The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities catalog, based on evidence of active in-the-wild exploitation. "This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24," Citrix said in an advisory released in June.

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
2023-08-11 03:38

The U.S. Cybersecurity and Infrastructure Security Agency has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
2023-04-22 06:00

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three security flaws to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. "In a cluster deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure," MinIO maintainers said in an advisory published on March 21, 2023.

15 million public-facing services vulnerable to CISA KEV flaws
2023-03-31 19:23

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV catalog. Using these custom search queries, the researchers found 15 million instances vulnerable to 200 CVEs from the catalog.

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems
2023-03-08 06:30

The U.S. Cybersecurity and Infrastructure Security Agency has added three security flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The most critical of the three is CVE-2022-35914, which concerns a remote code execution vulnerability in the third-party library htmlawed present in Teclib GLPI, an open source asset and IT management software package.

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog
2023-02-22 05:38

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday added three security flaws to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. CVE-2022-47986 is described as a YAML deserialization flaw in the file transfer solution that could allow a remote attacker to execute code on the system.