• Latest
  • Trending
CISA adds 66 vulnerabilities to list of bugs exploited in attacks

CISA adds 66 vulnerabilities to list of bugs exploited in attacks

April 22, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Saturday, 18 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

CISA adds 66 vulnerabilities to list of bugs exploited in attacks

by ITECHNEWS
April 22, 2022
in Infosec, Leading Stories
0 0
0
CISA adds 66 vulnerabilities to list of bugs exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of ‘Known Exploited Vulnerabilities.’

These flaws have been observed in real cyberattacks against organizations, so they are published to raise awareness to system administrations and serve as official advisories for applying the corresponding security updates.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

In this case, CISA gives federal agencies until April 15, 2022, to patch the listed vulnerabilities and reduce the risk of falling victim to cyberattacks.

The new set of 66 actively exploited vulnerabilities published by CISA spans disclosure dates between 2005 and 2022, covering a broad spectrum of software and hardware types and versions.

The Mitel CVE-2022-26143 and Windows CVE-2022-21999 vulnerabilities disclosed in February are two particularly interesting bugs.

Microsoft fixed the CVE-2022-21999 Windows Print Spooler bug in the February 2022 Patch Tuesday updates, and threat actors had not actively exploited it at the time. The vulnerability allows attackers to achieve code execution as SYSTEM, the highest Windows privileges when exploited.

The Mitel CVE-2022-26143 bug affects devices using a vulnerable driver (TP-240), including MiVoice Business Express and MiCollab.

This flaw allows a record-breaking DDoS amplification ratio of about 4.3 billion to 1, using a method of internal reflection.

Akamai, the company that discovered the Mitel bug, has already reported attacks in the wild beginning last February, targeting governments, financial institutions, and internet service providers.

Additionally, the set contains a 2005 RCE flaw on Hewlett Packard OpenView, a 2009 buffer overflow on Adobe Reader and Acrobat, a 2009 RCE on phpMyAdmin, and another 23 flaws dating between 2010 and 2016.

The addition of these 66 vulnerabilities at this time doesn’t necessarily mean that CISA’s analysts just spotted their active exploitation in the wild.

Quite possibly, the agency is publishing new sets with intervals between them to not overwhelm system administrators, striving for a balance between practical constraints and best security practices.

Another possible explanation for the addition of such old vulnerabilities in the catalog could be that they’re leveraged in new exploit chains that are applicable today, suddenly transcending from obsolescence to relevance.

However, the list shows us how quickly threat actors begin targeting a vulnerability once a vendor discloses it.

For example, the Windows Print Spooler CVE-2022-21999 vulnerability, the Mitel DDoS CVE-2022-26143 amplification vulnerability, and the CVE-2022-26318 WatchGuard vulnerabilities were disclosed in February and were quickly exploited by threat actors.

Due to this, it is critical for admins to apply security updates as soon as possible to prevent their exploitation, especially on internet-exposed devices.

Due to the large number of flaws comprising the latest set, CISA hasn’t supplied the usual summary table, so system administrators will have to review the new entries on the catalog, which now counts a total of 570 vulnerabilities.

Once at the catalog, you can click on the ‘Date Added’ column header to sort by the most recently added vulnerabilities.

Source: Bill Toulas
Via: bleepingcomputer
Tags: CISA adds 66 vulnerabilities to list
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version