Please see below for commentary from Ed Williams, EMEA Director of SpiderLabs at Trustwave following the news that the US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalogue of exploited vulnerabilities that are known to be used in attacks.
<p>I welcome the news of CISA continuing to catalogue actively exploited vulnerabilities because, by doing so, the agency is continuing to raise awareness around the importance of patching. It is also extremely positive to see older vulnerabilities being represented, as opposed to just zero-day. This highlights the importance of being <i>fully</i> patched across an organisation, and the breadth of technologies included within this list, Apple, SonicWall, MSFT, Intel, further emphasises the importance that <i>all</i> organisations take stock of how they can increase their security posture.</p>
<p>However, it is worrying that in 2022 we are still seeing SQLi-related bugs, and it is equally alarming to see an Internet Explorer bug from back in 2014. Internet Explorer 11 enters its end of life this summer, making patching vulnerabilities here even more critical for all organisations. Indeed, of all the eight vulnerabilities identified, half are from pre-2017. This is extremely concerning and demonstrates how important proper patch management and pen testing are to organisations.</p>