Hackers exploiting new Microsoft, Oracle, Apple bugs: US agency

San Francisco, Feb 13 (IANS): The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that threat actors are actively exploiting new vulnerabilities coming from top tech companies like Microsoft, Oracle, Apache and Apple, among others.

The national cyber-security agency listed 15 vulnerabilities based on evidence that threat actors are actively exploiting them.

These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

One of the vulnerabilities, a Microsoft Windows SAM local privilege escalation vulnerability, has a remediation date of February 24.

"The catalog is a living list of known CVEs that carry significant risk to the federal enterprise. It requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats," said the CISA.

The CISA strongly urged all organisations to reduce their exposure to cyberattacks by prioritising timely remediation of vulnerabilities as part of their vulnerability management practice.

"CISA will continue to add vulnerabilities to the catalog that meet the meet the specified criteria," it added.

Meanwhile, the agency said that in 2021, cybersecurity authorities in the US, Australia and the UK observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 US critical infrastructure sectors.

"Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors' growing technological sophistication and an increased ransomware threat to organisations globally," it warned.

The market for ransomware became increasingly "professional" in 2021, and the criminal business model of ransomware is now well established.

In addition to their increased use of ransomware-as-a-service (RaaS), ransomware threat actors employed independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals.



Top Stories

Leave a Comment

Title: Hackers exploiting new Microsoft, Oracle, Apple bugs: US agency

You have 2000 characters left.


Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.