August 7, 2024 at 06:05PM The Known Exploited Vulnerabilities (KEV) catalog, containing over 1,140 known exploited vulnerabilities, may not effectively convey changes to the severity of issues. CISA’s lack of notification on updates potentially hinders security teams’ ability to prioritize remediation. Additionally, changes in ransomware status and shorter remediation deadlines indicate evolving policies and critical … Read more
July 18, 2024 at 02:19AM Cisco released patches for a critical security flaw in Smart Software Manager On-Prem (Cisco SSM On-Prem) allowing remote attackers to change user passwords. The flaw, tracked as CVE-2024-20419, carries a CVSS score of 10.0. CISA also added three vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to apply … Read more
May 30, 2024 at 02:09PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlighted a high-severity security flaw in the Linux kernel (CVE-2024-1086) enabling local privilege escalation. Additionally, a security flaw in Check Point network gateway products (CVE-2024-24919) was added to the Known Exploited Vulnerabilities catalog. Federal agencies are urged to apply the latest fixes … Read more
January 11, 2024 at 09:21AM CISA warns of actively exploited Microsoft SharePoint Server vulnerability (CVE-2023-29357) allowing unauthenticated attackers to gain admin privileges. Exploit involves sending a spoofed JWT authentication token; no user interaction needed. CISA adds CVE-2023-29357 to Known Exploited Vulnerabilities list, advising federal agencies to patch within 21 days as per BOD 22-01. All … Read more