Though it is not yet a matter of official policy, inside sources indicate CISA is weighing a three-day deadline for fixing critical vulnerabilities in federal government systems that have been observed being exploited elsewhere.
A new OpenSSH vulnerability discovered by threat researchers is the biggest security issue to appear in the utility suite in about two decades. The bug is an unauthenticated RCE vulnerability that builds on a prior issue that was patched out in 2006.
MiCODUS MV720 vehicle GPS tracker has sold some 1.5 million units across 169 countries and used in military vehicles, government cars, etc. Of the six serious vulnerabilities, one is a hard-coded password that allows anyone to send commands to the GPS units.
Microsoft says many IoT and operational technology devices suffer from 25 IoT security critical vulnerabilities originating from vulnerable SDKs, RTOS, and the C standard library.
NCC Group and Bad Packets detected cyber attacks targeting F5 critical vulnerabilities after proof-of-concept code and patches were released. CISA advised users to prioritize the installation of updates.
