U.S. federal agencies have experienced a significant reduction in known exploited security flaws across the networks since the release of the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog more than two years ago, according to The Record, a news site by cybersecurity firm Recorded Future.
Attacks targeting a high-severity use-after-free Adobe Acrobat Reader flaw, tracked as CVE-2023-21608, have prompted the inclusion of the bug in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, reports The Hacker News.
Attacks leveraging a critical Apache RocketMQ flaw, tracked as CVE-2023-33246, to deploy the DreamBus botnet and a Monero miner have prompted the inclusion of the bug in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, according to BleepingComputer.
Ongoing active abuse of a critical deserialization flaw in Adobe ColdFusion has prompted the security bug's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, according to The Hacker News.
Eight of the 131 vulnerabilities associated with ransomware not yet listed in the CISA Known Exploited Vulnerabilities (KEV) catalog are considered “most dangerous” because they could be easily exploited from initial access to exfiltration.