CISA’s Hall of Shame: New Vulnerabilities You Didn’t Want to Know About!
CISA adds BeyondTrust PRA and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog. These vulnerabilities allow attackers to execute malicious commands or escalate privileges. Federal agencies have until February 3, 2025, to fix these issues. Private organizations are also advised to review and address the vulnerabilities.

Hot Take:
Well, it looks like CISA is at it again, telling everyone what’s hot and what’s not in the world of exploited vulnerabilities. BeyondTrust and Qlik Sense decided to join the party this time, bringing with them the kind of flaws that make hackers do a happy dance. It’s a bit like finding out your secret stash of cookies has been compromised by the neighborhood cookie monster, but hey, at least CISA’s got your back with a to-do list! So, buckle up, IT folks, it’s time to patch things up faster than a sitcom dad trying to fix a leaky faucet!
Key Points:
– CISA adds vulnerabilities in BeyondTrust PRA and RS and in Qlik Sense to its Known Exploited Vulnerabilities catalog.
– BeyondTrust flaw (CVE-2024-12686) is an OS Command Injection vulnerability with a CVSS score of 6.6.
– Qlik Sense flaw (CVE-2023-48365) is an HTTP Tunneling vulnerability with a CVSS score of 9.6.
– Federal agencies are mandated to address these vulnerabilities by February 3, 2025.
– Recent cyberattacks involved these vulnerabilities, affecting entities like the U.S. Treasury Department.