Skip to content

CISA urged to add 8 severe ransomware bugs to vulnerability catalog

Posted by:
< 1 min read

February 17, 2023 – Published on SC Magazine

Researchers found that eight of the 131 vulnerabilities associated with ransomware not yet listed in a federal catalog meant to help the cybersecurity community are considered “most dangerous” because they could be easily exploited from initial access to exfiltration. 

According to the report, researchers identified 57 extremely dangerous ransomware-associated vulnerabilities with complete kill chains, eight of which are excluded in the KEV. These eight bugs are found in over 30 products, including products by Microsoft, Oracle, Zyxel, and QNAP.

Tony Cook, senior director of DFIR and Threat Intel at GuidePoint Security, highlighted that organizations should have a more transparent vulnerability disclosure process to help secure the large ecosystem.  

“One of the biggest issues now is that companies do not want to disclose security incidents or vulnerability information to CISA for fear of legal obligation. It would be much easier for CISA to have a comprehensive database if organizations could openly report things happening around,” Cook said. 

Read More HERE.

Categories: Application Security News Vulnerability Management & Penetration Testing
Tags:GRIT

GuidePoint Security

OpenSSL code library patched after high-risk vulnerabilities found
November 1, 2022 – Published on Axios The developer of a widely used open-source code library released a patch to resolve […]
View Page

Related Articles

View All

  • Application Security
OpenSSL code library patched after high-risk vulnerabilities found
Read More < 1 min read
  • Application Security
Microsoft Patch Tuesday fixes six zero-day vulnerabilities
Read More < 1 min read
  • Cybersecurity
Vedere Labs updates OT:ICEFALL findings, adds three more vulnerabilities in Festo automation controllers, CODESYS equipment
Read More < 1 min read