US govt: Here are another 15 security bugs under attack right now

The US government has added 15 vulns under active attack to a little-known but very useful public database: its Known Exploited Vulnerabilities catalogue.

Building on numerous advisory notes over the past few years warning of currently exploited tools, the Cybersecurity and Infrastructure Security Agency (CISA) now maintains a public list of vulnerabilities that are, or have been, actively exploited.

These latest additions to the database include CVEs as old as 2017 and affecting products from Microsoft, Oracle, and Apple. Each entry comes with a “remediation due date” – though all but one of the latest entries have remediation dates in August.

The exception is CVE-2021-36394, last summer’s HiveNightmare Windows privilege escalation flaw. These make-me-admin vulns were possible through exploitation of a misconfigured access control list for specified Windows registry hive files in Windows 10 build 1809.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” said CISA in its advisory.

Other vulns include years-old remote code execution flaws in Oracle Weblogic and a variety of Windows and Microsoft privilege escalation and code execution issues – along with a vuln in continuous delivery platform Jenkins.

CISA provides these public warnings in order to have vulnerable software updated, while Britain’s National Cyber Security Centre keeps all of its vuln notifications behind closed doors through its Cyber Security Information Sharing Partnership. Australia, like America, maintains a public alerts page – but no CISA-style database in public.

The database was ordered to be established in November last year, with a three-month grace period to create “a living list of known CVEs that carry significant risk to the federal enterprise.” It is likely to become of great interest to IT pros from around the world.

While there are arguments to be made about whether publishing vuln notifications just draws baddies’ attention to their contents, in today’s world with entire economies dependent upon timely patching of critical vulns, more information in public about things that need urgent patching can only be a public good. ®
