From Apache to Apple: A Comical Look at Cybersecurity’s Newest Hall of Shame

Brace yourselves! CISA’s “Known Exploited Vulnerabilities” hall of shame just welcomed six new members. Apache, Adobe, Apple, D-Link, and Joomla, you’re up! While we all have off days, federal agencies have until January 29, 2024, to patch these bugs. Let’s just hope nobody follows the motto: “Why do today what you can postpone till tomorrow?”

Hot Take:

Well, it seems like CISA’s “Known Exploited Vulnerabilities” catalog has just gained six more members. It’s like a club nobody wants to be in, but it’s growing regardless. The new hall of famers include our old friends Apache, Adobe, Apple, D-Link, and Joomla. Guys, you had one job: keep the cyber baddies out. But hey, who are we to judge? We all have our off days, right?

Key Points:

  • CISA added six more vulnerabilities to its ‘Known Exploited Vulnerabilities’ catalog. They’ve been playing ‘spot the vulnerability’ and it seems like it’s been a fruitful game.
  • The vulnerabilities affect Apache Superset, Adobe ColdFusion, multiple Apple products, D-Link DSL-2750B devices, and Joomla. Quite a diverse group, if you ask me.
  • One of these vulnerabilities has been used in the wild in ‘Operation Triangulation’ spyware attacks. Sounds like a spy movie, doesn’t it?
  • Agencies have until January 29, 2024, to apply fixes for these bugs. The countdown begins now.
  • While these vulnerabilities have been identified, it’s still unclear how they’re being exploited. It’s like knowing the murder weapon but not the method. Intriguing!

Need to know more?

A Superset of Problems

Apache Superset, the open-source data visualization software, has a high-severity vulnerability that could enable remote code execution. It's like giving your car keys to a stranger and saying, "Take it for a spin!" This issue was fixed in version 2.1, so if you haven't updated yet, what are you waiting for?

Adobe's Cold Shoulders

Adobe ColdFusion is also on the list, with two vulnerabilities related to the deserialization of untrusted data. It's as if Adobe was too trusting, accepting any data that comes its way. Two lessons here, folks: don't trust easily and always validate your data.

Apple's not-so-golden Delicious

Apple has a code execution vulnerability that was exploited in 'Operation Triangulation' spyware attacks. If you think that sounds cool, remember that this is a bad thing. The good news is, Apple has patched it in iOS 15.7.8 and iOS 16.3. If you're an Apple user, go update your devices right now.

D-Link's DSL-ing into Trouble

D-Link DSL-2750B devices have a command injection vulnerability. It's like someone figured out the magic words to control your devices. And no, it's not "please" or "thank you."

Joomla's Improper Access Control

Lastly, Joomla! has an improper access control vulnerability. It seems like someone forgot to check the guest list at the door. But don't worry, Joomla! is working on it.

Remember, the Federal Civilian Executive Branch (FCEB) agencies need to apply fixes for these bugs by January 29, 2024. No pressure, right? But seriously, patching these vulnerabilities is crucial to secure networks against active threats. Because the only thing worse than finding a vulnerability is not doing anything about it.

Tags: Adobe ColdFusion, Apache Superset, Apple iOS, CISA, D-Link, Joomla, Operation Triangulation