Moves by the Cybersecurity and Infrastructure Security Agency to update ransomware-related exploitation on dozens of software vulnerabilities last year without alerting defenders were noted by GreyNoise Senior Director of Security Research and Detection Engineering Glenn Thorpe to have potentially resulted in overlooked ransomware intrusions, reports The Register.CISA silently flipped ransomware abuse status on 59 flaws included in its Known Exploited Vulnerabilities catalog last year, more than a quarter of which impacted Microsoft products, said Thorpe. Thirty-nine percent of security issues determined to have been exploited in ransomware intrusions last year have been in the KEV catalog since 2022 or earlier, while the duration of status flipping ranged from a day to 1,353 days after flaws were added to the KEV list. In a bid to better inform defenders about the ransomware status changes of KEV entries, GreyNoise has unveiled an RSS feed providing hourly vulnerability updates.
Critical Infrastructure Security, Vulnerability Management, Patch/Configuration Management
Expert says CISA silently fixing bugs could be a problem

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



