Critical breakthroughs in 2024: new threats to Adobe, SolarWinds, and VMware
Critical vulnerabilities discovered in 2024: urgency for security updates increases for Adobe, SolarWinds, and VMware. Find out how these threats can affect cyber infrastructures
CISA has added new critical vulnerabilities to its catalog, affecting Adobe Commerce, SolarWinds Serv-U, VMware vCenter Server, and OSGeo GeoServer GeoTools. It also issued an advisory for Rockwell Automation Pavilion 8 industrial control systems, highlighting the importance of proactive vulnerability management.
On July 17, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) added three new critical vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerabilities affect Adobe Commerce and Magento Open Source (CVE-2024-34102), SolarWinds Serv-U (CVE-2024-28995), and VMware vCenter Server (CVE-2022-22948). These flaws represent preferred entry points for malicious actors and pose a significant risk to federal infrastructure. CISA urged all organizations, not just Federal Civilian Executive Branch (FCEB) agencies subject to Binding Operational Directive BOD 22-01, to promptly patch these vulnerabilities to mitigate cyber threats.
Addition of a critical vulnerability
On July 15, 2024, a new critical vulnerability was listed in CISA's Known Exploited Vulnerabilities Catalog, following evidence of active exploitation. This isCVE-2024-36401 , which affects OSGeo GeoServer GeoTools and involves an Eval Injection vulnerability. The inclusion of this threat highlights the importance of continuous monitoring and proactive management of cyber vulnerabilities. Known and actively exploited vulnerabilities represent a high risk and require immediate and specific interventions to protect both federal and non-federal infrastructure.
Advisory on industrial control systems
On July 16, 2024, CISA published an advisory regarding industrial control systems (ICS) with technical details and mitigation measures. Among these, advisory ICSA-24-198-01 focuses on Rockwell Automation Pavilion 8. ICS advisories are essential to protect critical infrastructure, which is critical to various industries such as energy, water, transportation and manufacturing. CISA encourages users and administrators to review the new advisories to understand the vulnerabilities and apply appropriate security measures to prevent potential exploits.
Importance of proactive vulnerability management
CISA's updates to its vulnerability catalog and release of industrial control systems advisories highlight the importance of proactive vulnerability management for protecting critical infrastructure. Organizations must prioritize fixing known vulnerabilities to protect their networks from cyber attacks. Staying up to date on the latest threats and applying available patches promptly is crucial to maintaining a secure environment and reducing the attack surface. Vulnerability management is not only a technical issue, but also an indispensable security strategy to prevent cyber incidents.
Follow us on Threads for more pills like this07/22/2024 07:57
Marco Verro