The Cybersecurity and Infrastructure Security Agency (CISA) this week have added seventeen actively exploited vulnerabilities to the Known Exploited Vulnerabilities Catalog. These latest vulnerabilities bring the catalog up to a total of 341 vulnerabilities, and 10 of the newest 17 must be patched by the first week of February.
In the list of 17 vulnerabilities, two are especially interesting: CVE-2021-32648 and CVE-2021-35247. The vulnerability tracked as CVE-2021-32648 must be patched by the first week of February as it has been used by malicious actors to hack the Ukrainian government’s websites. The vulnerability tracked as CVE-2021-35247 must also be patched by the first week of February because it has been used to propagate Log4j attacks.