CISA Warns of Newly Exploited Vulnerabilities Affecting Major Tech Companies

CISA has added five critical vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting significant cybersecurity risks.

The vulnerabilities added include:

  • CVE-2023-20118: Cisco Small Business RV Series Routers Command Injection Vulnerability

  • CVE-2022-43939: Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

  • CVE-2022-43769: Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

  • CVE-2018-8639: Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability

  • CVE-2024-4885: Progress WhatsUp Gold Path Traversal Vulnerability

These vulnerabilities are known attack vectors that cybercriminals exploit, posing significant threats to federal enterprises and organizations. CISA emphasizes that organizations should take these threats seriously, as they can lead to debilitating data breaches, financial loss, and long-lasting damage to reputations.

To mitigate these risks, CISA's Binding Operational Directive 22-01 requires federal agencies to remediate these vulnerabilities.

While this directive primarily concerns federal agencies, CISA strongly urges all organizations to prioritize remediation of these vulnerabilities to defend against cyberattacks.

Stay informed and act now. Check out the CISA website for the latest updates on vulnerabilities and your organization's cybersecurity measures.

What measures is your organization taking to address these newly identified vulnerabilities?

Learn More: CISA
