CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

November 19, 2024 at 04:28PM CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities catalog, including a critical OS command injection affecting Progress Kemp LoadMaster. This addition highlights the ongoing need for organizations to address cybersecurity risks through timely updates and patches. ### Meeting Notes Takeaways 1. **New Vulnerabilities Added**: The U.S. Cybersecurity … Read more

Monitoring Changes in KEV List Can Guide Security Teams

August 7, 2024 at 06:05PM The Known Exploited Vulnerabilities (KEV) catalog, containing over 1,140 known exploited vulnerabilities, may not effectively convey changes to the severity of issues. CISA’s lack of notification on updates potentially hinders security teams’ ability to prioritize remediation. Additionally, changes in ransomware status and shorter remediation deadlines indicate evolving policies and critical … Read more

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

July 18, 2024 at 02:19AM Cisco released patches for a critical security flaw in Smart Software Manager On-Prem (Cisco SSM On-Prem) allowing remote attackers to change user passwords. The flaw, tracked as CVE-2024-20419, carries a CVSS score of 10.0. CISA also added three vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to apply … Read more

CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw

May 30, 2024 at 02:09PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlighted a high-severity security flaw in the Linux kernel (CVE-2024-1086) enabling local privilege escalation. Additionally, a security flaw in Check Point network gateway products (CVE-2024-24919) was added to the Known Exploited Vulnerabilities catalog. Federal agencies are urged to apply the latest fixes … Read more

CISA Urges Patching of Exploited SharePoint Server Vulnerability

January 11, 2024 at 09:21AM CISA warns of actively exploited Microsoft SharePoint Server vulnerability (CVE-2023-29357) allowing unauthenticated attackers to gain admin privileges. Exploit involves sending a spoofed JWT authentication token; no user interaction needed. CISA adds CVE-2023-29357 to Known Exploited Vulnerabilities list, advising federal agencies to patch within 21 days as per BOD 22-01. All … Read more