The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows –
The inclusion of CVE-2023-45727 to the KEV catalog comes in the wake of a Trend Micro report released on November 19, 2024, that linked its active exploitation to a China-nexus cyber espionage group dubbed Earth Kasha (aka MirrorFace).
Then last week, cybersecurity vendor VulnCheck revealed that malicious actors have been attempting to weaponize CVE-2024-11680 as early as September 2024 for dropping post-exploitation payloads.
The abuse of CVE-2024-51378 and CVE-2024-11667, on the other hand, has been attributed to various ransomware campaigns such as PSAUX and Helldown, according to Censys and Sekoia.
Federal Civilian Executive Branch (FCEB) agencies are recommended to remediate the identified vulnerabilities by December 25, 2024, to secure their networks.
The development comes as JPCERT/CC warned that three security flaws in I-O DATA routers UD-LT1 and UD-LT1/EX are being exploited by unknown threat actors.
While patches for CVE-2024-52564 have been made available with firmware Ver2.1.9, fixes for the remaining two shortcomings are not expected to be released until December 18, 2024 (Ver2.2.0).
In the meanwhile, the Japanese company is advising that customers limit the settings screen from being exposed to the internet by disabling remote management, changing default guest user passwords, and ensuring administrator passwords are not trivial to guess.
