CISA: Patch actively exploited Firefox zero-days until March 21st

by ITECHNEWS
March 8, 2022
in Leading Stories, Tech

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch two critical Firefox security vulnerabilities exploited in attacks within the next two weeks.

According to a Mozilla advisory published over the weekend, the two bugs (tracked as CVE-2022-26485 and CVE-2022-26486) are Use After Free flaws that allow attackers to trigger crashes and execute maliciously crafted code on targeted devices.

They’re rated as critical severity because they could let attackers execute almost any command on systems running vulnerable versions of Firefox, including downloading malware that would give them further access to the device.

Mozilla said it received “reports of attacks in the wild” abusing the two vulnerabilities, likely used for remote code execution (CVE-2022-26485) and escaping the browser sandbox (CVE-2022-26486).

According to a binding operational directive (BOD 22-01) issued in November, Federal Civilian Executive Branch (FCEB) agencies are now required to secure their systems against these vulnerabilities, with CISA giving them until March 21st to apply patches.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” the US cybersecurity agency explained.

CISA added nine other vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence that threat actors are also actively exploiting them in the wild.

One of them, tracked as CVE-2021-21973, impacts VMware vCenter servers, leads to information disclosure, and also has to be patched within two weeks.

| CVE ID | Vulnerability Name | Due Date |
|---|---|---|
| CVE-2022-26486 | Mozilla Firefox Use-After-Free Vulnerability | 03/21/22 |
| CVE-2022-26485 | Mozilla Firefox Use-After-Free Vulnerability | 03/21/22 |
| CVE-2021-21973 | VMware vCenter Server, Cloud Foundation Server Side Request Forgery (SSRF) | 03/21/22 |
| CVE-2020-8218 | Pulse Connect Secure Code Injection Vulnerability | 09/07/22 |
| CVE-2019-11581 | Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability | 09/07/22 |
| CVE-2017-6077 | NETGEAR DGN2200 Remote Code Execution Vulnerability | 09/07/22 |
| CVE-2016-6277 | NETGEAR Multiple Routers Remote Code Execution Vulnerability | 09/07/22 |
| CVE-2013-0631 | Adobe ColdFusion Information Disclosure Vulnerability | 09/07/22 |
| CVE-2013-0629 | Adobe ColdFusion Directory Traversal Vulnerability | 09/07/22 |
| CVE-2013-0625 | Adobe ColdFusion Authentication Bypass Vulnerability | 09/07/22 |
| CVE-2009-3960 | Adobe BlazeDS Information Disclosure Vulnerability | 09/07/22 |

Even though BOD 22-01 only applies to FCEB agencies, CISA strongly urged all other private and public sector orgs to reduce their exposure to ongoing cyberattacks by prioritizing mitigation of these security flaws.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” CISA added.

CISA has added hundreds of vulnerabilities to its catalog of actively exploited bugs this year, ordering federal agencies to patch them as soon as possible to avoid security breaches.

Just last week, on Friday, the agency added 95 bugs to the list, eight of them with high critical severity scores of at least 9.8 and impacting Cisco, Apache, and Exim products.

Source: Sergiu Gatlan
Via: bleepingcomputer