The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen security issues to their catalog of vulnerabilities. CISA’s warning is meant to inform system administrators and ensure they prioritize installing security updates. Organizations that don’t protect their networks with the newest security updates are making themselves easy targets to threat actors and ransomware groups. The flaws are a mix of old and new, ranging from 2014 to 2021. CISA also provided a patch deadline in the alert. The most recent one, CVE-2021-36934, is a Microsoft Windows SAM (Security Accounts Manager) vulnerability that allows anyone to access the Registry database files on Windows 10 and 11 and obtain passwords and administrator privileges. CISA’s list of known exploited vulnerabilities has now reached 367 security vulnerabilities. The list serves as a reminder that organizations need to find solutions for no longer supported hardware that is connected to sensitive parts of their network.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in