    U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

    By justmattg | June 25, 2023
    Jun 24, 2023Ravie LakshmananThreat Intel / Zero Day

    The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

    This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware (CVE-2023-20867 and CVE-2023-20887), and one shortcoming impacting Zyxel devices (CVE-2023-27992).

    CVE-2023-32434 and CVE-2023-32435, both of which allow code execution, are said to have been exploited as zero-days to deploy spyware as part of a years-long cyber espionage campaign that commenced in 2019.

    Dubbed Operation Triangulation, the activity culminates in the deployment of TriangleDB, which is designed to harvest a wide range of information from compromised devices, with capabilities that include creating, modifying, removing, and stealing files, listing and terminating processes, gathering credentials from iCloud Keychain, and tracking a user’s location.

    The attack chain begins with the targeted victim receiving an iMessage with an attachment that automatically triggers the execution of the payload without requiring any interaction, making it a zero-click exploit.

    “The malicious message is malformed and does not trigger any alerts or notifications for [the] user,” Kaspersky noted in its initial report.

    CVE-2023-32434 and CVE-2023-32435 are two of many vulnerabilities in iOS that have been abused in the espionage attack. One among them is CVE-2022-46690, a high-severity out-of-bounds write issue in IOMobileFrameBuffer that could be weaponized by a rogue app to execute arbitrary code with kernel privileges.

    The weakness was remediated by Apple with improved input validation in December 2022.

    Kaspersky flagged TriangleDB as containing unused features referencing macOS as well as permissions seeking access to the device’s microphone, camera, and the address book that it said could be leveraged at a future date.

    The Russian cybersecurity company’s investigation into Operation Triangulation began at the start of the year when it detected the compromise in its own enterprise network.

    In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are advised to apply vendor-provided patches to secure their networks against potential threats.

    The development comes as CISA issued an alert warning of three bugs in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could pave the way for a denial-of-service (DoS) condition.

    The flaws – CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911 (CVSS scores: 7.5) – could be exploited remotely, resulting in the unexpected termination of the named BIND9 service or exhaustion of all available memory on the host running named, leading to DoS.

    This is the second time in less than six months that the Internet Systems Consortium (ISC) has released patches to resolve similar issues in BIND9 that could cause DoS and system failures.
