January 9, 2024 at 02:33PM
The U.S. Cybersecurity and Infrastructure Security Agency has added six vulnerabilities impacting products from Apple, Adobe, Apache, D-Link, and Joomla to the Known Exploited Vulnerabilities catalog. These flaws are actively exploited and pose significant risks. Federal agencies have until January 29 to patch or discontinue use of the vulnerable products. More information is available in the KEV catalog.
Key takeaways from the meeting notes:
1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six vulnerabilities to the Known Exploited Vulnerabilities catalog, impacting products from Apple, Adobe, Apache, D-Link, and Joomla.
2. The Known Exploited Vulnerabilities catalog (KEV) contains security issues actively exploited in the wild and is crucial for vulnerability management and prioritization.
3. CISA has issued a notice, requiring federal agencies to patch the six actively exploited flaws or discontinue using the vulnerable products by January 29.
4. The six vulnerabilities include issues with Apache Superset, Joomla!, Apple iOS, Adobe ColdFusion, and D-Link devices, with severity scores ranging from “medium” to “critical.”
5. Some vulnerabilities have been leveraged in attacks disclosed recently, such as CVE-2023-41990 in the ‘Operation Triangulation’ campaign and CVE-2023-38203 and CVE-2023-29300 by hackers after security researchers demonstrated that patches could be bypassed.
6. Proof-of-concept exploits for CVE-2023-27524 were released in September, potentially leading to widespread exploitation.
Overall, organizations and federal agencies are advised to check for these vulnerabilities and apply the necessary security updates or mitigation steps.