CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-32409 Apple Multiple Products WebKit Sandbox Escape Vulnerability
CVE-2023-28204 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
CVE-2023-32373 Apple Multiple Products WebKit Use-After-Free Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Microsoft reports a 38% increase in targeted attacks delivered via email

As part of its quarterly threat report, “Cyber Signals”, Microsoft reveals an increase in cybercriminal activity in attacks that compromise corporate email, known as business email compromise (BEC). According to Microsoft, this increase amounts to 38% in Cybercrime-as-a-Service (CaaS), with business email as the means of distribution. The […]
PharMerica: Data breach affects nearly 6 million individuals

One of the largest pharmacy services providers in the United States has stated that it was the victim of a ransomware attack on March 14, 2023, carried out by the criminal group known as “Money Message”. In April 2023, the ransomware group known as “Money Message” announced that it had breached PharMerica's systems, as well as […]
KeePass vulnerability puts master passwords at risk

A proof-of-concept (PoC) tool called “KeePass 2.X Master Password Dumper” would allow an attacker to obtain the KeePass master key by making use of the vulnerability tracked as CVE-2023-32784. Security researcher Vdohney has released a PoC tool called KeePass 2.X Master Password Dumper. This tool exploits the vulnerability tracked as CVE-2023-32784, which allows an attacker to retrieve the […]
KeePass vulnerability puts master passwords at risk

A proof-of-concept (PoC) tool called “KeePass 2.X Master Password Dumper” would allow an attacker to obtain the KeePass master key by making use of the vulnerability tracked as CVE-2023-32784. Security researcher Vdohney has released a PoC tool called KeePass 2.X Master Password Dumper. This tool takes advantage of the vulnerability tracked as CVE-2023-32784, […]
