Report: CISA vulnerabilities catalog monitored by ransomware gangs

Ransomware operations have exploited 28% of security flaws in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog in attacks last year, according to The Register.

While some of the flaws — including the Cleo Harmony remote code execution bug, tracked as CVE-2024-50623, and the maximum severity Progress Kemp LoadMaster command execution issue, tracked as CVE-2024-1212 — were added following mass exploitation, most of the CISA KEV inclusions occurred within at least a week of confirmed exploits and intrusions, indicating ransomware gangs' tracking of the database, a report from GreyNoise revealed. Additional findings showed that vulnerabilities that are at least four years old — including the critical Dasan GPON router and Realtek SDK flaws CVE-2018-10561 and CVE-2014-8361, respectively — accounted for 40% of the exploited bugs last year. Meanwhile, organizations and other users leveraging Ivanti, D-Link, and VMware products were recommended to switch vendors due to their elevated zero-day exploits and mishandling of security fixes for vulnerable products.