CISA Flags 6 Vulnerabilities – Apple, Apache, Adobe, D-Link, Joomla Under Attack


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution. It was fixed in version 2.1.
Details of the issue first came to light in April 2023, with Horizon3.ai’s Naveen Sunkavally describing it as a “dangerous default configuration in Apache Superset that allows an unauthenticated attacker to gain remote code execution, harvest credentials, and compromise data.”
It’s currently not known how the vulnerability is being exploited in the wild. Also added by CISA are five other flaws –
It’s worth noting that CVE-2023-41990, patched by Apple in iOS 15.7.8 and iOS 16.3, was used by unknown actors as part of Operation Triangulation spyware attacks to achieve remote code execution when processing a specially crafted iMessage PDF attachment.
Federal Civilian Executive Branch (FCEB) agencies are advised to apply fixes for the aforementioned bugs by January 29, 2024, to secure their networks against active threats.
Fortinet FortiGuard Labs, in an updated advisory on January 16, said it “observed critical level of continued attacks on Adobe Coldfusion with IPS detections reaching up to 50,000+ unique detections.”