CISA Detects Many New Cyber Security Vulnerabilities

Uploaded on 2022-07-11 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Cyber security issues are becoming a day-to-day issue for businesses, and the latest cyber security statistics reveal a huge increase in hacked and breached data. Attacks are now increasingly common in the workplace on mobile and IoT devices.

“Organisations around the world responded to the threat of COVID-19 by implementing stay-at-home policies. This resulted in a dramatic increase in employees collaborating using Microsoft Office 365 and other cloud-based software, while also accessing more resources through company VPNs.,” according to the 2021 Data Risk Report from Varonis.

“The abrupt nature of this transition forced many companies to step into the cloud without proper cyber security preparedness, inadvertently increasing their attack surface as employees logged in through unsecured networks and home computers... The risk increases exponentially when companies have obvious gaps like passwords that never expire and folders containing sensitive data open to every employee.” Varonis said.

Now, the United States Cybersecurity and Infrastructure Agency (CISA) has added 36 new flaws to its catalog of vulnerabilities that are known to be exploited by cyber criminals. Flaws in Microsoft, Google, Adobe, Cisco, Netgear, QNAP and other products have been added to known exploited vulnerabilities catalog.

“CISA has added 36 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise."

The CISA Alert warns that the vulnerabilities are a frequent attack vector for malicious attackers and pose "significant risk". Organisations, particularly those associated with the US federal government, are urged to apply security updates as soon as possible.

"CISA strongly urges all organisations to reduce their exposure to cyberattacks by prioritising timely remediation of catalog vulnerabilities as part of their vulnerability management practice," said CISA.

Among the 36 vulnerabilities that have been added are vulnerabilities in software and products from Microsoft, Google, Adoble, Cisco, Netgear, QNAP and others. 

  • Microsoft:    Vulnerabilities in Microsoft products include CVE-2012-4969, a vulnerability in Internet Explorer that allows remote execution of code, and CVE-2013-1331, a buffer overflow vulnerability in Microsoft Office that allows cyber criminals to launch remote attacks.

CVE-2012-0151, a flaw in the Authenticode Signature Verification function in Microsoft Windows that allows user-assisted attackers to execute remote code, has also been added to the catalog.

  • Google:   The CISA alert also addresses several vulnerabilities in Google's Chromium V8 Engine, including CVE-2016-1646 and CVE-2016-5198, which allow remote attackers to cause a denial of service, as well as flaws like CVE-2018-17463 and CVE-2017-5070, which, if left unpatched, allow attackers to remotely execute code that they could exploit to access networks.
  • Adobe:   Several vulnerabilities in Adobe software have been added to the catalog, including CVE-2009-4324, a flaw in Adobe Acrobat and Reader, which allows remote attackers to execute code via a crafted PDF file, and CVE-2010-1297, a memory corruption vulnerability in Adobe Flash Player that allows remote attackers to execute code or cause denial of service.
  • Netgear:   Several flaws in routers and other Internet connected devices have also been added to CISA's catalog, including CVE-2017-6862, which is a buffer overflow vulnerability in multiple Netgear devices that allows for authentication bypass and remote code execution, and CVE-2019-15271, a flaw in Cisco RV series routers that could allow an attacker to execute code with root privileges.

CISA also warns about a number of vulnerabilities in QNAP products, including CVE-2019-7192, a flaw in QNAP Network Attached Storage (NAS) devices running Photo Station, which contains an improper access control vulnerability allowing remote attackers to gain unauthorised access to the system. 

The full list of all 36 vulnerabilities is detailed in CISA’s known exploited vulnerabilities catalog.and CISA strongly advise users to promptly apply updated patches as the best ways to stay protected from cyber attacks.

CISA:      CISA:      National Cybersecurity News:     ZDNet:      Varonis:     Forbes:  

You Might Also Read: 

CISA Detect Vulnerabilities In VMWare Products:

 

« Future Phishing Attacks Will Use Generative Machine Learning
Bluetooth Devices Can Covertly Track Mobile Users »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ISO Quality Services Ltd

ISO Quality Services Ltd

ISO Quality Services is an independent organisation that specialises in the implementation, certification and continued auditing of ISO and BS EN Management Standards including ISO 27001..

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

Lynx Software Technologies

Lynx Software Technologies

Lynx provide secure software and operating systems for use in mission critical applications such as aerospace, medical, transportation and IoT.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

Duo Security

Duo Security

Duo combines security expertise with a user-centered philosophy to provide two-factor authentication, endpoint remediation and secure single sign-on tools.

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

National Center for Manufacturing Sciences (NCMS) - USA

National Center for Manufacturing Sciences (NCMS) - USA

NCMS is a cross-industry technology development consortium, dedicated to improving the competitiveness of the US industrial base. Strategic initiatives include industrial cyber security.

Absolute IT Asset Disposals

Absolute IT Asset Disposals

Absolute IT Asset Disposals is an IT asset disposal (ITAD) company providing safe and secure recycling of IT assets.

Sovereign Intelligence

Sovereign Intelligence

Sovereign Intelligence provides automated insight into the relative intensity of hidden Cyber, Brand, and Financial Risks to your company.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Digital Pathways

Digital Pathways

Digital Pathways is an award-winning data security provider that helps businesses protect their digital assets.

IoTeX

IoTeX

Building the connected world. IoTeX is a fast, secure, and decentralized platform that connects real world devices/data to the blockchain.

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

ITProTV

ITProTV

ITProTV is part of the ACI Learning family of companies providing Audit, Cyber, and IT learning solutions for enterprise and consumer markets.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

Endari

Endari

Endari specializes in building cybersecurity maturity within the operational DNA of early-stage startups and SMBs.