Privacy Ninja

CISA Warns Orgs to Patch Actively Exploited Chrome, Redis Bugs

CISA Warns Orgs to Patch Actively Exploited Chrome, Redis Bugs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch a Google Chome zero-day and a critical Redis vulnerability actively exploited in the wild within the next three weeks.

According to a Google advisory published on Friday, the Chrome zero-day security flaw (tracked as CVE-2022-1096) is a high severity type confusion weakness in the Chrome V8 JavaScript engine that could allow threat actors to execute arbitrary code on targeted devices.

The Muhstik malware gang has added a dedicated spreader exploit for the Redis Lua sandbox escape vulnerability (tracked as CVE-2022-0543) after a proof-of-concept (PoC) exploit was publicly released on March 10th.

Also Read: 7 Simple Tips On How To Create A Good Business Card Data

According to a binding operational directive (BOD 22-01) issued in November, Federal Civilian Executive Branch Agencies (FCEB) agencies must secure their systems against these vulnerabilities, with CISA giving them until April 18th to patch.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” the U.S. cybersecurity agency explained.

CISA added 30 more vulnerabilities to its Known Exploited Vulnerabilities Catalog today based on evidence that they are also exploited in the wild.

Although BOD 22-01 only applies to FCEB agencies, CISA also urges private and public sector orgs to prioritize mitigation of these flaws to reduce exposure to ongoing cyberattacks.

Hundreds of security flaws under active exploitation

CISA has added hundreds of vulnerabilities to its catalog of actively exploited bugs this year, ordering federal agencies to patch them as soon as possible to avoid security breaches.

Also Read: How Bank Disclosure Of Customer Information Work For Security

Last Friday, the agency added 66 other bugs exploited in attacks, including a Windows Print Spooler bug (CVE-2022-21999), allowing code execution as SYSTEM.

CISA also added a Mitel TP-240 VoIP interface flaw (CVE-2022-26143) exploited for record-breaking DDoS attack amplification with ratios of roughly 4.3 billion to 1.

Since the start of 2022, the cybersecurity agency has ordered federal civilian agencies to patch actively exploited vulnerabilities in:



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.

Powered by WhatsApp Chat

× Chat with us