InfoSec News Nuggets 11/27/2024
US government agencies told to patch these critical security flaws or face attack The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new critical vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning federal agencies they have a three-week deadline to apply the available patch, or stop using the affected software altogether. The agency added a missing authentication vulnerability to KEV tracked under CVE-2023-28461, which has a severity score of 9.8, and allows…