CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign
Briefly

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified active exploitation of vulnerabilities newly added to its Known Exploited Vulnerabilities (KEV) catalog and urges prompt remediation.
CVE-2024-20767, found in Adobe ColdFusion, allows attackers to modify restricted files via an exposed admin panel. It's crucial for security teams to address this immediately.
The FBI has reported HiatusRAT campaigns that target IoT devices by leveraging multiple vulnerabilities that remain unpatched, which underscores the urgent need for device owners to secure their networks.
Because proof-of-concept exploits are publicly available for these vulnerabilities, it is imperative that Federal Civilian Executive Branch agencies implement security measures by early January 2025.
Read at The Hacker News