The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Draytek VigorConnect and Kingsoft WPS Office vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the descriptions for these vulnerabilities:

At the end of August, ESET researchers reported that the South Korea-linked group APT-C-60 exploited a zero-day, tracked as CVE-2024-7262, in the Windows version of WPS Office to deploy the SpyGlace backdoor on the systems of targets in East Asia.

According to the WPS website, WPS Office has over 500 million active users worldwide.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)