Expert Comment: CISA Adds 41 Vulnerabilities To Catalogue Of Exploited Flaws

In light of the news that CISA has added 41 vulnerabilities to its catalogue of known exploited flaws, please see the comments below from the expert.

Kev Breen, Director of Cyber Threat research
InfoSec Expert
May 25, 2022 5:26 pm

CISA adding 41 vulnerabilities to its catalogue of known exploited flaws used in cyberattacks is unsurprising, because attackers are well versed in finding vulnerabilities, old and new, to exploit in their malicious campaigns.

The newly added vulnerabilities span 6 years, with the oldest being disclosed in 2016. The Windows elevation of privileges vulnerability CVE-2020-0638 was disclosed in 2020 but was still being harnessed by the prolific ransomware gang Conti for their attacks on corporate networks this year.

As threat actors continue to utilise vulnerabilities in attacks, the well-trodden advice is to install updates on all devices. And, while focusing on core cybersecurity hygiene elements like patching will help organisations bolster their cyber resilience, attackers are ingenious at finding new entry points to systems long before they emerge as compromised.

Organisations have to do more than just forecasting IT teams on updates and patching. The entire workforce needs elevating in the fight against growing cyber-risk. Remaining resilient in an ever-changing threat environment requires the optimisation of human cyber knowledge, skills, and judgement across the entire organisation when it comes to preparing for, responding to, and remediating against cyber threats, whatever their form.

Last edited 6 months ago by Kev Breen