Tag: kev
-
CISOs müssen OT-Risiken stärker adressieren
by
in SecurityNews
Tags: china, ciso, cyber, cyberattack, exploit, firewall, hacker, infrastructure, Internet, iran, kev, kritis, military, ransomware, risk, technology, update, vulnerabilityDa Angriffe auf OT-Bereiche zunehmen, sollten CISOs einen Exposure-Management-Ansatz verfolgen.Die Bedrohungen gegen die Betriebstechnik (Operational Technology, OT) der kritischen Infrastruktur (KRITIS) verschärfen sich kontinuierlich. China baut offensive Komponenten in amerikanische Militär- und Unternehmensnetzwerke ein. Zudem haben chinesische Hacker Telekommunikationsunternehmen und Internetdienstleister infiltriert, um Zivilisten auszuspionieren. Seit etlichen Jahren, also bereits deutlich vor dem Angriffskrieg, greift…
-
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2024-57968 – An unrestricted file upload vulnerability in Advantive VeraCore First…
-
CISA Issues Alert on Actively Exploited VMware Vulnerabilities
by
in SecurityNews
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, linux, mitigation, threat, vmware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated warnings on March 4, 2025, by adding four severe vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Federal agencies and private organizations are urged to prioritize mitigation efforts, as threat actors are actively weaponizing these flaws in VMware ESXi, Workstation, Fusion, and the Linux kernel. CVE-2025-22225:…
-
CISA Expands Known Exploited Vulnerabilities Catalog with Four Critical Issues
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog with four new vulnerabilities, adding to the growing list of cyber risks that have been actively exploited. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-known-exploited-vulnerabilities-catalog-3/
-
U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: android, cisa, cve, cybersecurity, exploit, google, infrastructure, kev, linux, vmware, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The first issue, tracked as CVE-2024-50302, was addressed by Google with the release of the Android…
-
Several flaws added to CISA known exploited vulnerabilities catalog
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/several-flaws-added-to-cisa-known-exploited-vulnerabilities-catalog
-
Several Flaws Added To CISA’s KEV List
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/several-flaws-added-to-cisas-kev-list
-
Exploitation Long Known for Most of CISA’s Latest KEV Additions
by
in SecurityNewsExploitation has been known for months or years for most of the latest vulnerabilities added by CISA to its KEV catalog. The post Exploitation Long Known for Most of CISA’s Latest KEV Additions appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-long-known-for-most-of-cisas-latest-kev-additions/
-
CISA Warns of Active Exploitation of Microsoft Windows Win32k Vulnerability
by
in SecurityNews
Tags: cisa, control, cyber, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2018-8639, a decade-old Microsoft Windows privilege escalation flaw, to its Known Exploited Vulnerabilities (KEV) catalog amid confirmed active attacks. First patched by Microsoft in December 2018, this Win32k kernel-mode driver vulnerability enables authenticated local attackers to execute arbitrary code with SYSTEM privileges, granting unfettered control over…
-
CISA Urges Government to Patch Exploited Cisco, Microsoft Flaws
by
in SecurityNewsCISA has added five more CVEs into its known exploited vulnerabilities catalog First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-govt-patch-exploited-cisco/
-
Newly Exploited Vulnerabilities Target Cisco, Microsoft, and More CISA Warns
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding five vulnerabilities that have been actively exploited in the wild. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/new-known-exploited-vulnerabilities-to-catalog/
-
Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited”, CISA Sounds Alarm
by
in SecurityNews
Tags: cisa, cisco, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, software, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2023-20118 (CVSS score: 6.5) – A command injection First seen…
-
U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: business, cisa, cisco, cybersecurity, exploit, infrastructure, kev, microsoft, router, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Goldflaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions for…
-
Ransomware criminals love CISA’s KEV list and that’s a bug, not a feature
by
in SecurityNews1 in 3 entries are used to extort civilians, says new paper First seen on theregister.com Jump to article: www.theregister.com/2025/02/28/cisa_kev_list_ransomware/
-
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
by
in SecurityNews
Tags: access, cisa, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities in question are as follows -CVE-2024-49035 (CVSS score: 8.7) – An improper access control First seen on…
-
CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability
by
in SecurityNewsCISA has added CVE-2024-20953, an Oracle Agile PLM vulnerability patched in January 2024, to its KEV catalog. The post CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-attacks-exploiting-oracle-agile-plm-vulnerability/
-
U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM)vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: CVE-2017-3066(CVSS score of 9.8) is a…
-
CISA KEV Catalog Updated with Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog by adding two significant security flaws one affecting Adobe ColdFusion and the other impacting Oracle Agile Product Lifecycle Management (PLM). CVE-2017-3066 in… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cisa-kev-catalog-adobe-coldfusion-oracle-vulnerabilities/
-
CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical vulnerabilities, both actively being exploited in the wild. These vulnerabilities, related to Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), have been identified as security risks to federal agencies and organizations worldwide. First seen…
-
CISA Alerts: Oracle Agile Vulnerability Actively Exploited
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a severe deserialization vulnerability (CVE-2024-20953) in Oracle Agile Product Lifecycle Management (PLM) software. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 24, 2025, the flaw allows attackers with low-privileged access to execute arbitrary code on unpatched…
-
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities in question are listed below -CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability impacting First seen on thehackernews.com…
-
CISA Warns of Attacks Exploiting Craft CMS Vulnerability
by
in SecurityNewsCISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of Attacks Exploiting Craft CMS Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-attacks-exploiting-craft-cms-vulnerability/
-
U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Craft CMS and Palo Alto Networks PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: Craft is a flexible, user-friendly CMS, affected…
-
CISA Warns of Active Exploitation of SonicWall SonicOS RCE Vulnerability
by
in SecurityNews
Tags: authentication, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vpn, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of critical remote code execution (RCE) vulnerability in SonicWall’s SonicOS, tracked as CVE-2024-53704. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 19, 2025, the flaw enables unauthenticated attackers to hijack SSL VPN sessions and bypass authentication mechanisms…
-
CISA Issues Warning on Palo Alto PAN-OS Security Flaw Under Attack
by
in SecurityNews
Tags: attack, authentication, cisa, cyber, cybersecurity, exploit, firewall, flaw, infrastructure, kev, network, vulnerabilityCISA and Palo Alto Networks are scrambling to contain widespread exploitation of a critical authentication bypass vulnerability (CVE-2025-0108) affecting firewall devices running unpatched PAN-OS software. The Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities Catalog on February 19, 2025, following a 900% surge in attack attempts over five days.…
-
U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: Researchers recently warned that threat actors…
-
CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
by
in SecurityNews
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, network, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The flaws are listed below -CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto Networks PAN-OS…
-
Security Affairs newsletter Round 511 by Pierluigi Paganini INTERNATIONAL EDITION
by
in SecurityNewsA new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog…
-
U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: This week Apple released…