May 7, 2024 at 04:54PM The Known Exploited Vulnerabilities (KEV) list, introduced by the Cybersecurity and Infrastructure Security Agency in 2021, aims to accelerate remediation times for high-risk threats. Congressman Jim Langevin’s legislation created the list to prioritize vulnerabilities for remediation. Data shows an increase in remediation timelines, but ransomware vulnerabilities receive the highest priority. … Read more
May 7, 2024 at 07:34AM CISA’s Known Exploited Vulnerabilities (KEV) catalog, aimed at federal agencies, is also positively impacting private organizations, reducing average remediation time to under 175 days, compared to 621 for unlisted vulnerabilities. While both sectors often miss CISA deadlines, private organizations face longer patch times, with technology firms the fastest at 93 … Read more
November 9, 2023 at 05:30AM The US cybersecurity agency CISA has warned of threat actors using a Service Location Protocol (SLP) vulnerability to conduct denial-of-service (DoS) attacks with a high amplification factor. The flaw, tracked as CVE-2023-29552, allows unauthenticated remote attackers to register arbitrary services and use spoofed UDP traffic to amplify the magnitude of … Read more