U.S. Cybersecurity and Infrastructure Security Agency (CISA) has uncovered 66 new vulnerabilities that are exploited by attackers.<\/p>\n
The agency urged federal agencies to apply available patches before April 15, 2022, to limit the risk of the bugs being exploited.<\/p>\n
Based on evidence of active exploitation, the 66 bugs include current and older bugs in networking kit, several Windows bugs, and security appliances from D-Link, Cisco, Netgear, Citrix, Kuiper, Palo Alto, Sophos, Zyxel, and enterprise software from Oracle, OpenBSD, VMware, and others.<\/p>\n
Some of the vulnerabilities identified vulnerabilities include a flaw affecting Watch Guard’s Firefox and XTM appliances (CVE-2022-26318), and another flaw impacting Mitel’s MiCollab, MiVoice Business Express Access Control Vulnerability (CVE-2022-26143).<\/p>\n
Hackers exploited the Mitel bug to launch the TP240PhoneHome DDoS attack. A Windows Print Spooler Elevation of Privilege vulnerability, traced as CVE-2022-21999, has also been added to the list of bugs to be patched.<\/p>\n