CISA Adds Eight More Flaws To Its Exploited Vulnerabilities Catalogue

Please see below for commentary from Ed Williams, EMEA Director of SpiderLabs at Trustwave following the news that the US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalogue of exploited vulnerabilities that are known to be used in attacks.

Ed Williams, Director EMEA, SpiderLabs
InfoSec Expert
February 2, 2022 4:51 pm

I welcome the news of CISA continuing to catalogue actively exploited vulnerabilities because, by doing so, the agency is continuing to raise awareness around the importance of patching. It is also extremely positive to see older vulnerabilities being represented, as opposed to just zero-day. This highlights the importance of being fully patched across an organisation, and the breadth of technologies included within this list, Apple, SonicWall, MSFT, Intel, further emphasises the importance that all organisations take stock of how they can increase their security posture.

However, it is worrying that in 2022 we are still seeing SQLi-related bugs, and it is equally alarming to see an Internet Explorer bug from back in 2014. Internet Explorer 11 enters its end of life this summer, making patching vulnerabilities here even more critical for all organisations. Indeed, of all the eight vulnerabilities identified, half are from pre-2017. This is extremely concerning and demonstrates how important proper patch management and pen testing are to organisations.
