Skip to main content

Posts

Showing posts with the label April 23

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug.

#Information_is_Power . #we_inform_the_uninformed . Read more in this link. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The  three vulnerabilities  are as follows – CVE-2023-28432  (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability  CVE-2023-27350  (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability CVE-2023-2136  (CVSS score – TBD) – Google Chrome Skia Integer Overflow Vulnerability “In a cluster deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure,” MinIO maintainers  said in an advisory published on March 21, 2023. Data gathered by GreyNoise shows that as many as  18 unique malicious IP addresses from the U.S., the Netherlands, France, Japan, and Finland have  attempted to exploit  the flaw over th

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug.

#Information_is_Power . #we_inform_the_uninformed . Read more in this link. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The  three vulnerabilities  are as follows – CVE-2023-28432  (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability  CVE-2023-27350  (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability CVE-2023-2136  (CVSS score – TBD) – Google Chrome Skia Integer Overflow Vulnerability “In a cluster deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure,” MinIO maintainers  said in an advisory published on March 21, 2023. Data gathered by GreyNoise shows that as many as  18 unique malicious IP addresses from the U.S., the Netherlands, France, Japan, and Finland have  attempted to exploit  the flaw over th