The US government’s cybersecurity agency CISA on Thursday added another batch of security flaws to its Known Exploited Vulnerabilities (KEV) catalog and urged federal agencies to patch these issues as a matter of urgency.
The already exploited vulnerabilities affect users of the open-source Roundcube webmail server and VMware Aria Operations for Networks.
Exploitation of the open-source mail server Roundcube flaws has been linked to Russian state-sponsored attacks against the Ukrainian government and other high-profile entities in the country.
Threat intelligence firm Recorded Future and Ukraine’s Computer Emergency Response Team (CERT-UA) have attributed the attacks to APT28, a notorious threat actor actor believed to be linked to Russia’s GRU military spy unit.
Tracked as CVE-2020-35730, CVE-2020-12641, and CVE-2021-44026, the exploited flaws are described as cross-site scripting (XSS), remote code execution (RCE), and SQL injection bugs, respectively. Patches and mitigations have been available since at least 2021.
The VMware Aria Operations for Networks vulnerability, tracked as CVE-2023-20887 (CVSS severity score 9.8/10), is a command injection flaw that exposes unpatched systems to remote code execution exploits.
The flaw was patched in early June, but VMware updated its advisory this week to warn of in-the-wild exploitation reported by threat intelligence firm GreyNoise.
In addition to these four issues, CISA expanded its KEV catalog with two older bugs in Mozilla Firefox (CVE-2016-9079) and Microsoft Windows’ kernel-mode driver (CVE-2016-0165).
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA warned.
Per Binding Operational Directive (BOD) 22-01, federal agencies are required to identify and patch the vulnerabilities in CISA’s ‘Must Patch’ list within three weeks after they were added to the catalog. In this case, the six bugs should be addressed by July 13, 2023.
Related: Russian APT Caught Hacking Roundcube Email servers
Related: Zimbra Flaw Exploited by Russia Added to CISA ‘Must Patch’ List
Related: CISA Warns of Plex Vulnerability Linked to LastPass Hack
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
