
Critical breakthroughs in 2024: new threats to Adobe, SolarWinds, and VMware

Critical vulnerabilities discovered in 2024: urgency for security updates increases for Adobe, SolarWinds, and VMware. Find out how these threats can affect cyber infrastructures.

CISA has added new critical vulnerabilities to its catalog, affecting Adobe Commerce, SolarWinds Serv-U, VMware vCenter Server, and OSGeo GeoServer GeoTools. It also issued an advisory for Rockwell Automation Pavilion 8 industrial control systems, highlighting the importance of proactive vulnerability management.


On July 17, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) added three new critical vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerabilities affect Adobe Commerce and Magento Open Source (CVE-2024-34102), SolarWinds Serv-U (CVE-2024-28995), and VMware vCenter Server (CVE-2022-22948). These flaws represent preferred entry points for malicious actors and pose a significant risk to federal infrastructure. CISA urged all organizations, not just Federal Civilian Executive Branch (FCEB) agencies subject to Binding Operational Directive BOD 22-01, to promptly patch these vulnerabilities to mitigate cyber threats.

Addition of a critical vulnerability

On July 15, 2024, a new critical vulnerability was listed in CISA's Known Exploited Vulnerabilities Catalog, following evidence of active exploitation. This is CVE-2024-36401, which affects OSGeo GeoServer GeoTools and involves an Eval Injection vulnerability. The inclusion of this threat highlights the importance of continuous monitoring and proactive management of cyber vulnerabilities. Known and actively exploited vulnerabilities represent a high risk and require immediate and specific interventions to protect both federal and non-federal infrastructure.

Advisory on industrial control systems

On July 16, 2024, CISA published an advisory regarding industrial control systems (ICS) with technical details and mitigation measures. The advisory, ICSA-24-198-01, focuses on Rockwell Automation Pavilion 8. ICS advisories are essential to protecting critical infrastructure in industries such as energy, water, transportation and manufacturing. CISA encourages users and administrators to review the new advisories to understand the vulnerabilities and apply appropriate security measures to prevent potential exploits.

Importance of proactive vulnerability management

CISA's updates to its vulnerability catalog and release of industrial control systems advisories highlight the importance of proactive vulnerability management for protecting critical infrastructure. Organizations must prioritize fixing known vulnerabilities to protect their networks from cyber attacks. Staying up to date on the latest threats and applying available patches promptly is crucial to maintaining a secure environment and reducing the attack surface. Vulnerability management is not only a technical issue, but also an indispensable security strategy to prevent cyber incidents.


07/22/2024 07:57

Marco Verro
