Critical Infrastructure Security, Vulnerability Management, Patch/Configuration Management

Expert says CISA silently fixing bugs could be a problem

Moves by the Cybersecurity and Infrastructure Security Agency to update ransomware-related exploitation on dozens of software vulnerabilities last year without alerting defenders were noted by GreyNoise Senior Director of Security Research and Detection Engineering Glenn Thorpe to have potentially resulted in overlooked ransomware intrusions, reports The Register.

CISA silently flipped ransomware abuse status on 59 flaws included in its Known Exploited Vulnerabilities catalog last year, more than a quarter of which impacted Microsoft products, said Thorpe. Thirty-nine percent of security issues determined to have been exploited in ransomware intrusions last year have been in the KEV catalog since 2022 or earlier, while the duration of status flipping ranged from a day to 1,353 days after flaws were added to the KEV list. In a bid to better inform defenders about the ransomware status changes of KEV entries, GreyNoise has unveiled an RSS feed providing hourly vulnerability updates.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds