Vulnerability Management

Updated CISA Exploited Vulnerabilities Catalog Includes Internet Explorer, Twilio Authy Bugs

“The fifth highest-paying certification is also from ISACA, and this one is for IS auditors,” said Hales. “CISA certification is ISACA’s oldest, dating back to 1978, with more than 106,000 people certified since its inception. CISA certification requires at least five years of experience in IS auditing, control, or security ...

The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include an old critical use-after-free flaw impacting Internet Explorer, tracked as CVE-2012-4792, and a medium severity information disclosure bug affecting Twilio Authy, tracked as CVE-2024-39891, with federal agencies urged to remediate both security issues by August 13, The Hacker News reports.

Even though there has been no clear evidence indicating ongoing active exploitation of CVE-2012-4792, the vulnerability, which could enable remote execution of arbitrary code, had been leveraged in watering hole attacks deployed against Capstone Turbine Corporation and the Council on Foreign Relations almost 12 years ago.

Meanwhile, attacks leveraging CVE-2024-39891 have been deployed by threat actors looking to identify Authy account-related data before being addressed by Twilio earlier this month.

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," said CISA.

You can skip this ad in 5 seconds