In light of the news that CISA has added 41 vulnerabilities to its catalogue of known exploited flaws, please see the comments below from the expert.
CISA adding 41 vulnerabilities to its catalogue of known exploited flaws used in cyberattacks is unsurprising, because attackers are well versed in finding vulnerabilities, old and new, to exploit in their malicious campaigns.
The newly added vulnerabilities span 6 years, with the oldest being disclosed in 2016. The Windows elevation of privileges vulnerability CVE-2020-0638 was disclosed in 2020 but was still being harnessed by the prolific ransomware gang Conti for their attacks on corporate networks this year.
As threat actors continue to utilise vulnerabilities in attacks, the well-trodden advice is to install updates on all devices. And, while focusing on core cybersecurity hygiene elements like patching will help organisations bolster their cyber resilience, attackers are ingenious at finding new entry points to systems long before they emerge as compromised.
Organisations have to do more than just forecasting IT teams on updates and patching. The entire workforce needs elevating in the fight against growing cyber-risk. Remaining resilient in an ever-changing threat environment requires the optimisation of human cyber knowledge, skills, and judgement across the entire organisation when it comes to preparing for, responding to, and remediating against cyber threats, whatever their form.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest information security news and topics.