Why are these mistakes the last straw for U.S. organizations?
The US Cybersecurity and Infrastructure Protection Agency (CISA) has issued a warning about three dangerous vulnerabilities that are actively exploited by attackers. These bugs threaten many popular programs and systems, posing serious risks to organizations and users.
The first vulnerability, CVE-2016-3714 (CVSS score: 8.4), affects ImageMagick, a popular software package for working with images. The problem is related to insufficient validation of input data, which makes arbitrary code execution on the system possible when a specially crafted image is processed.
The second vulnerability, CVE-2017-1000253 (CVSS score: 7.8), was discovered in the Linux kernel. It is related to stack buffer corruption in the load_elf_binary() function. Exploitation of this bug could allow a local attacker to escalate privileges and gain unauthorized access to important system data.
The third vulnerability, CVE-2024-40766 (CVSS score: 9.8), affects the SonicWall SonicOS operating system, which is used in firewalls. An access control bug allows attackers to gain access to system resources and cause a firewall to malfunction. Despite the lack of information about possible cases of exploitation of the vulnerability in attacks, its impact on network security remains critical.
CISA recommends urgently installing updates from developers or discontinuing use of vulnerable software if no fixes are available. The deadline for implementing these measures is September 30, 2024.
The agency emphasizes the need for prompt implementation of protection measures and updates. Organizations are advised not to delay updating their systems to prevent possible cyberattacks and data breaches.
Source