US Security agency warns hackers are exploiting Microsoft, Apple bugs
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are now taking advantage of vulnerabilities coming from top tech companies like Microsoft, Oracle, Apache and Apple, among others. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” CISA said in a statement.
CISA added 15 major flaws to its “Known Exploited Vulnerabilities Catalog”, which the US cyber security arm releases every year. Most of the vulnerabilities were disclosed in 2014, 2015, 2016, 2017, 2018 and 2020. These exploits impact Windows, Jenkins, Apache Struts and ActiveMQ, Oracle’s WebLogic, Microsoft Office, D-Link routers, and Apple’s OS X operating system.
The most recent Microsoft vulnerability CVE-2021-36934, that Microsoft patched in August 2021 was also added to the l. CVE is short for Common Vulnerabilities and Exposures. It is a l of publicly disclosed computer security flaws. It should be noted that Microsoft had initially released workarounds and mitigations in July 2021, when the issue was disclosed.
According to CISA, federal agencies are now required to patch their systems against this actively exploited vulnerability impacting.
“The catalog is a living l of known CVEs that carry significant risk to the federal enterprise. It requires FCEB agencies to remediate identified vulnerabilities the due date to protect FCEB networks against active threats,” said the CISA.
Meanwhile, CISA has strongly urged all organisations to reduce their exposure to cyberattacks “prioritising timely remediation of vulnerabilities as part of their vulnerability management practice.”
Few days ago, CISA along with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) issued a joint Cybersecurity Advisory outlining the growing international threat posed ransomware over the past year.
The advisory titled “2021 Trends Show Increased Globalised Threat of Ransomware” said ” cybercriminals are increasingly gaining access to networks via phishing, stolen Remote Desktop Protocols (RDP) credentials or brute force, and exploiting software vulnerabilities. “