All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 21, 2022. I’ve also included some comments on these stories.

18 High-Severity Vulnerabilities Patched by Intel

According to SecurityWeek, Intel released 22 security advisories detailing 18 high-severity vulnerabilities. Malicious actors require local access to an affected device to exploit the flaws. At that point, they can use the vulnerabilities to escalate privileges, disclose information, or produce a denial-of-service (DoS) condition.

Dylan D’Silva | Security Researcher at Tripwire

Patching and vulnerability management should continue to be a top priority in the overall toolset of security and IT professionals who are tasked with the responsibility of maintaining systems and their respective security posture.

Last week, Intel disclosed 18 high-severity vulnerabilities, most of which are related to privilege escalation. A few other flaws discovered at that time can lead to information disclosure or a denial-of-service (DoS) condition.

There seems to be an interesting situation here. The author points out that while Intel software and firmware is widely deployed, the vulnerabilities identified could be useful to threat actors. In November 2021, CISA published a “Known Exploited Vulnerabilities Catalog” detailing 300+ vulnerabilities that attackers have exploited over the past 10 years. Of note, only one of those vulnerabilities traced back to Intel.

Last year alone, Intel patched 226 vulnerabilities in its products, and as with previous years, it paid out about $800K in total through its bug bounty program. Bug bounty programs help strength the wider security community as they help to promote responsible disclosure.

Attackers Exploiting Flaws in Zabbix Monitoring Tool, Warns CISA

On February 23, SecurityWeek shared how the U.S. Cybersecurity (Read more...)