CISA Adds Six Known Exploited Vulnerabilities to Catalog

August 13, 2024 at 02:23PM CISA has added six new known exploited vulnerabilities to the catalog, including remote code execution, memory corruption, and privilege escalation issues in Microsoft products. These are common attack vectors for cyber actors and pose risks to the federal enterprise. BOD 22-01 mandates remediation to protect FCEB networks from active threats, …

The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching

May 7, 2024 at 07:34AM CISA’s Known Exploited Vulnerabilities (KEV) catalog, aimed at federal agencies, is also positively impacting private organizations, reducing average remediation time to under 175 days, compared to 621 for unlisted vulnerabilities. While both sectors often miss CISA deadlines, private organizations face longer patch times, with technology firms the fastest at 93 …

Third Ivanti Vulnerability Exploited in the Wild, CISA Reports

January 19, 2024 at 03:00PM A critical vulnerability, CVE-2023-35082, in Ivanti Endpoint Manager Mobile (EPMM) with a CVSS score of 9.8 has been added to CISA’s Known Exploited Vulnerabilities Catalog. It allows an authentication bypass and patch bypass for another high-risk vulnerability, CVE-2023-35078. Rapid7 reports potential threat actor exploitation, with all versions of Ivanti …

Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

December 6, 2023 at 12:42AM Qualcomm disclosed details on three high-severity security flaws with CVSS scores ranging from 7.8 to 8.4, known to be exploited in targeted attacks. These vulnerabilities, reported by researchers at Google and others, are now in CISA’s KEV catalog, with federal agencies instructed to patch by December 26. Additionally, Android’s …