Seven actively abused Linux-related security flaws, most of which are years old, have been added by the Cybersecurity and Infrastructure Security Agency to its Known Exploited Vulnerabilities catalog, according to SiliconAngle.
Included in the newly added vulnerabilities are a cross-site request forgery and remote code execution vulnerability in multiple Ruckus Wireless products, tracked as CVE-2023-25717; an incorrect authorization flaw in Red Hat Polkit, tracked as CVE-2021-3560; an Apache Tomcat RCE, tracked as CVE-2016-8735; an Oracle Java SE and JRockit unspecified bug, tracked as CVE-2016-3427; a user interface information disclosure flaw in Jenkins, tracked as CVE-2015-5317; a Linux Kernel race condition bug, tracked as CVE-2014-0196; and an improper input validation flaw in the Linux Kernel, tracked as CVE-2010-3904.
The recent inclusion of a 13-year-old vulnerability in CISA's KEV catalog has been noted as unusual by Vulcan Cyber Senior Technical Engineer Mike Parkin, while Viakoo CEO Bud Broomhead said that the newly added flaws indicate increased targeting of open source software, IoT, and industrial control systems in attacks.
Cyberattack disclosed by HTC Global Services following ALPHV/BlackCat leak
After having its data exposed by the ALPHV/BlackCat ransomware attack, IT and business process services provider HTC Global Services has disclosed being impacted by a cyberattack, reports BleepingComputer.
Numerous Web3 smart contracts, including DropERC20, AirDrop20, ERC721, and ERC1155, were discovered by Thirdweb to be exposed to a vulnerability in a widely used open-source non-fungible token library, reports SiliconAngle.