The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four security vulnerabilities exploited in attacks as zero-day to its list of bugs known to be abused in the wild.
Microsoft patched all three earlier this week as part of the February 2022 Patch Tuesday and classified them as zero-days that were abused in attacks before a fix was available.
Today, CISA added another flaw, a critical pre-auth command injection bug (CVE-2022-46169) in the Cacti network operations framework that threat actors abused to deliver malware.
Microsoft released its batch of monthly security updates this month covering 73 vulnerabilities, including two zero-day flaws exploited in the wild. While organizations should prioritize all critical and high-risk issues, there is one critical vulnerability in Outlook that researchers claim could open the door to trivial attacks that result in remote code execution.Read More
Microsoft on Tuesday rolled out a massive batch of security-themed software updates and called urgent attention to at least three vulnerabilities being exploited in live malware attacks. The world’s largest software maker documented 72 security vulnerabilities in the Windows ecosystem and warned users of the risk of remote code execution, security feature bypass, information disclosure and privilege escalation attacks.Read More
The Cybersecurity and Infrastructure Security Agency , National Security Agency , Federal Bureau of Investigation , and other authoring agencies have released a joint guidance about common living off the land techniques and common gaps in cyber defence capabilities.Read More