Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CISA Adds New Vulnerabilities to KEV Catalog

July 23, 2024
Reading Time: 2 mins read
in Alerts
CISA Adds New Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with two new security flaws that are currently being exploited. The first vulnerability, CVE-2012-4792, is a use-after-free issue in Microsoft Internet Explorer. This flaw, which has been known for over a decade, could allow attackers to execute arbitrary code through a specially crafted website. Although it was previously exploited in targeted attacks against specific organizations, it is unclear if it has seen renewed exploitation recently.

The second vulnerability listed, CVE-2024-39891, affects Twilio’s Authy service. This flaw, with a CVSS score of 5.3, involves an information disclosure issue that occurs through an unauthenticated endpoint. Attackers could exploit this vulnerability to obtain information about whether a phone number is registered with Authy. Twilio has addressed this issue in recent updates to its mobile applications, but it was previously exploited to gather data on Authy accounts.

CISA’s advisory highlights the critical nature of these vulnerabilities, stressing that they are frequent targets for malicious actors and pose serious risks to cybersecurity. Federal Civilian Executive Branch (FCEB) agencies are mandated to address these vulnerabilities by August 13, 2024, to protect their networks from potential threats.

The inclusion of these vulnerabilities in the KEV catalog underscores the ongoing challenge of securing systems against both longstanding and emerging threats. Agencies and organizations are encouraged to implement necessary patches and safeguards promptly to mitigate the risks associated with these vulnerabilities.

Reference:
  • CISA Adds Two Vulnerabilities to Known Exploited Vulnerabilities Catalog for Immediate Action
Tags: CISACyber AlertsCyber Alerts 2024Cyber threatsInternet ExplorerJuly 2024MicrosoftVulnerabilities
ADVERTISEMENT

Related Posts

BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025
FBI Issues Warning on Spoofed IC3 Website

FBI Issues Warning on Spoofed IC3 Website

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

Infostealer Hits macOS Users Widely

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

SonicWall Warns Reset After Exposure

September 22, 2025

Latest Alerts

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

SonicWall Warns Reset After Exposure

Infostealer Hits macOS Users Widely

FBI Issues Warning on Spoofed IC3 Website

Subscribe to our newsletter

    Latest Incidents

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    Steam Game Steals Streamer Donations

    Ransomware Gang Hacks Spartanburg County

    Cyberattack Hits Europe Airport Systems

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial