CISA Adds Eight More Flaws To Its Exploited Vulnerabilities Catalogue

Please see below for commentary from Ed Williams, EMEA Director of SpiderLabs at Trustwave following the news that the US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalogue of exploited vulnerabilities that are known to be used in attacks.

Experts Comments

February 02, 2022
Ed Williams
Director EMEA, SpiderLabs
Trustwave

I welcome the news of CISA continuing to catalogue actively exploited vulnerabilities because, by doing so, the agency is continuing to raise awareness around the importance of patching. It is also extremely positive to see older vulnerabilities being represented, as opposed to just zero-day. This highlights the importance of being fully patched across an organisation, and the breadth of technologies included within this list, Apple, SonicWall, MSFT, Intel, further emphasises the importance that all organisations take stock of how they can increase their security posture.  

However, it is worrying that in 2022 we are still seeing SQLi-related bugs, and it is equally alarming to see an Internet Explorer bug from back in 2014. Internet Explorer 11 enters its end of life this summer, making patching vulnerabilities here even more critical for all organisations. Indeed, of all the eight vulnerabilities identified, half are from pre-2017. This is extremely concerning and demonstrates how important proper patch management and pen testing are to organisations.
