05-17-2024, 02:50 PM
News Patch Now! CISA Adds Critical Flaws to Exploited Vulnerabilities Catalog
<p><img width="1000" height="648" src="https://thecyberexpress.com/wp-content/uploads/known-exploited-vulnerabilities-e1715949251167.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="known exploited vulnerabilities" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/known-exploited-vulnerabilities-e1715949251167.webp 1000w, https://thecyberexpress.com/wp-content/u...0x194.webp 300w, https://thecyberexpress.com/wp-content/u...8x498.webp 768w, https://thecyberexpress.com/wp-content/u...0x389.webp 600w, https://thecyberexpress.com/wp-content/u...50x97.webp 150w, https://thecyberexpress.com/wp-content/u...0x486.webp 750w" sizes="(max-width: 1000px) 100vw, 1000px" /></p><span style="font-weight: 400;">The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three new entries to its known exploited vulnerabilities catalog, among them flaws in D-Link routers and Google Chromium. </span>
<span style="font-weight: 400;">According to a post shared by <a href="https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog" target="_blank" rel="nofollow noopener">CISA</a>, one of the listed vulnerabilities affects D-Link routers, a common target for cyberattacks. CVE-2014-100005 affects the D-Link DIR-600 router series and is a Cross-Site Request Forgery (CSRF) flaw. </span>
<h3><span style="font-weight: 400;">CISA Adds Three Known Exploited Vulnerabilities</span></h3>
<span style="font-weight: 400;">Exploiting the <a href="https://thecyberexpress.com/d-link-network-device-management-platform/" target="_blank" rel="noopener">D-Link router vulnerability</a>, malicious actors can hijack administrative privileges, allowing them to execute unauthorized actions remotely. </span>
<span style="font-weight: 400;">Another D-Link router vulnerability listed is <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-40655" target="_blank" rel="nofollow noopener">CVE-2021-40655</a>, affecting the DIR-605 model. This flaw enables attackers to obtain <a href="https://thecyberexpress.com/threat-actor-claims-mit-data-breach-dark-web/" target="_blank" rel="noopener">sensitive information</a> like usernames and passwords through forged requests, posing a significant risk to affected users.</span>
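<span style="font-weight: 400;">Both D-Link entries above are CSRF flaws: the router trusts any request that arrives with the administrator's session cookie, and a page the administrator visits elsewhere can make the browser send such a request. The following is an added example, not code from the article or from D-Link, showing the two checks a state-changing admin endpoint needs to defeat forged requests: an Origin/Referer match against the device's own origin, and a per-session synchronizer token compared in constant time. The origin <code>http://192.168.0.1</code>, the <code>Session</code> class and the header and form dictionaries are constructed for the example.</span>

```python
"""Anti-CSRF check for a state-changing admin endpoint (constructed example).

A router admin UI is typically authenticated by a session cookie, which the
browser attaches to every request to the device, including one triggered by
an unrelated page. A forged request therefore passes the cookie check alone.
The defence is to require something a third-party page cannot supply: a
per-session secret token, plus an Origin/Referer that matches the device.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed: the router's own admin origin. A real device would derive this
# from its configured management address rather than a constant.
DEVICE_ORIGIN = "http://192.168.0.1"


@dataclass
class Session:
    """Server-side session record looked up from the cookie (constructed)."""
    user: str
    # Fresh random token per session; it is embedded in the admin UI's forms
    # and is never readable by a page on another origin.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def _origin_of(url: str) -> str:
    """Reduce a URL (Origin or Referer value) to scheme://host[:port]."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def is_state_change_allowed(headers: dict, form: dict, session: Session) -> tuple:
    """Return (allowed, reason) for a POST that changes device state.

    headers: request headers (looked up case-insensitively here)
    form:    parsed POST body, expected to carry the token as 'csrf_token'
    session: the already-authenticated session from the cookie

    Both checks must pass; the cookie alone is never sufficient.
    """
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Origin check. Browsers set Origin on cross-site POSTs and page content
    #    cannot alter it. Fall back to Referer; reject if neither is present,
    #    because a missing header is indistinguishable from a stripped one.
    src = h.get("origin") or h.get("referer")
    if not src:
        return False, "missing Origin/Referer"
    if _origin_of(src) != DEVICE_ORIGIN:
        return False, f"cross-origin request from {_origin_of(src)}"

    # 2. Synchronizer token. compare_digest keeps the comparison constant-time
    #    so the token cannot be recovered byte by byte from response timing.
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session.csrf_token):
        return False, "bad or missing CSRF token"

    return True, "ok"


if __name__ == "__main__":
    sess = Session(user="admin")
    # Constructed request from a page on another origin: cookie present, no token.
    cross_site = {"Origin": "http://other.example", "Cookie": "sid=constructed"}
    print(is_state_change_allowed(cross_site, {"new_password": "x"}, sess))
    # Constructed request from the device's own admin page carrying its token.
    same_site = {"Origin": DEVICE_ORIGIN, "Cookie": "sid=constructed"}
    print(is_state_change_allowed(same_site, {"new_password": "x", "csrf_token": sess.csrf_token}, sess))
```

<span style="font-weight: 400;">The Origin check alone stops the cross-site case in current browsers, and the token alone stops it even when the header is absent; requiring both means a single misconfiguration (a permissive proxy that strips headers, a token leaked into a log) does not reopen the hole.</span>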
<span style="font-weight: 400;">Additionally, CISA's catalog includes the <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-4761" target="_blank" rel="nofollow noopener">CVE-2024-4761</a>, concerning Google Chromium's V8 engine. This Chromium vulnerability, marked with a severity rating of 'High,' involves an out-of-bounds memory write issue.</span>
<span style="font-weight: 400;">Exploiting this flaw, remote attackers can execute malicious code via crafted <a href="https://thecyberexpress.com/evading-antivirus-rise-of-phishing-html-files/" target="_blank" rel="noopener">HTML pages</a>, potentially compromising user data and system integrity.</span>
<h3><span style="font-weight: 400;">Importance of Catalog Vulnerabilities</span></h3>
<span style="font-weight: 400;">These <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-are-vulnerabilities/" target="_blank" rel="noopener" title="vulnerabilities" data-wpil-keyword-link="linked" data-wpil-monitor-id="4034">vulnerabilities</a>, once exploited, can lead to severe consequences, making them prime targets for cybercriminals. Notably, these entries are part of CISA's ongoing effort to maintain an updated list of significant threats facing federal networks.</span>
<span style="font-weight: 400;">The known exploited vulnerabilities catalog aligns with <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf" target="_blank" rel="nofollow noopener">Binding Operational Directive (BOD) 22-01</a>, aimed at mitigating risks within the federal enterprise. </span>
<span style="font-weight: 400;">While BOD 22-01 specifically targets Federal Civilian Executive Branch (FCEB) agencies, CISA emphasizes the importance of all organizations prioritizing vulnerability remediation. </span>
<span style="font-weight: 400;">By promptly addressing cataloged <a href="https://thecyberexpress.com/millions-iot-cinterion-modem-vulnerabilities/" target="_blank" rel="noopener">vulnerabilities</a>, organizations can bolster their cybersecurity posture and reduce the risk of successful cyberattacks.</span>
<h3><span style="font-weight: 400;">The Exploited Vulnerability Dilemma </span></h3>
<span style="font-weight: 400;">According to <a href="https://www.bitsight.com/press-releases/bitsight-reveals-more-60-percent-known-exploited-vulnerabilities-remain-unmitigated#:~:text=The%20report%2C%20titled%20%22A%20Global,critical%2C%20exploited%20vulnerabilities%20in%20a" target="_blank" rel="nofollow noopener">Bitsight's analysis</a>, global companies struggle to address critical vulnerabilities promptly. The report draws on data from 1.4 million organizations and finds that critical vulnerabilities take an average of 4.5 months to remediate, with over 60% still unresolved past CISA's deadlines. </span>
<span style="font-weight: 400;">Despite their prevalence, known exploited vulnerabilities (KEVs) remain a challenge for organizations. Derek Vadala, Chief Risk Officer at Bitsight, urges prioritization of vulnerability remediation, citing an average resolution time of 4.5 months for critical KEVs. <a href="https://thecyberexpress.com/cisa-known-exploited-vulnerabilities-catalog-2/" target="_blank" rel="noopener">Ransomware vulnerabilities</a>, constituting 20% of the KEV catalog, prompt remediation efforts 2.5 times faster than non-ransomware KEVs. </span>
<span style="font-weight: 400;">While federal agencies fare better in meeting CISA's deadlines, technology companies face the highest exposure to critical KEVs, with a faster remediation turnaround of 93 days. Roland Cloutier, a Bitsight advisor, stresses the need for enhanced vulnerability management, citing organizational challenges in assigning responsibility and ensuring visibility. </span>
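<span style="font-weight: 400;">The BOD 22-01 section above describes the catalog's remediation deadlines, and the Bitsight figures describe how often organizations miss them. The following is an added example, not code from the article, CISA or Bitsight, that turns both into a check an organization can run: it matches a vulnerability inventory against the KEV feed, flags findings past their due date (ransomware-linked entries first), and computes the mean days from catalog addition to fix. The feed schema (<code>cveID</code>, <code>dateAdded</code>, <code>dueDate</code>, <code>knownRansomwareCampaignUse</code>) is that of CISA's public JSON feed; the records, due dates, host names and the CVE-1900-00001 and CVE-2099-00001 identifiers are constructed placeholders, not CISA data.</span>

```python
"""Match an inventory against the CISA KEV catalog and flag overdue fixes.

Constructed example. The sample feed below uses the field names of CISA's
JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json),
but the due dates are placeholders and CVE-1900-00001 / CVE-2099-00001 are
invented identifiers used only to exercise the ransomware and not-in-KEV paths.
"""
import json
from datetime import date


def _record(cve, vendor, product, added, due, ransomware="Unknown"):
    """Build one KEV-shaped record (constructed data)."""
    return {"cveID": cve, "vendorProject": vendor, "product": product,
            "dateAdded": added, "dueDate": due,
            "requiredAction": "Apply mitigations per vendor instructions.",
            "knownRansomwareCampaignUse": ransomware}


KEV_FEED_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        # The three entries named in the article; due dates are placeholders.
        _record("CVE-2014-100005", "D-Link", "DIR-600 Router", "2024-05-16", "2024-06-06"),
        _record("CVE-2021-40655", "D-Link", "DIR-605 Router", "2024-05-16", "2024-06-06"),
        _record("CVE-2024-4761", "Google", "Chromium V8", "2024-05-16", "2024-06-06"),
        # Constructed placeholder entry with known ransomware use.
        _record("CVE-1900-00001", "ExampleVendor", "ExampleProduct",
                "2024-04-01", "2024-04-22", ransomware="Known"),
    ],
})

# Constructed scanner output: each host with the CVEs detected on it.
INVENTORY_SAMPLE = [
    {"host": "edge-router-01", "cves": ["CVE-2014-100005", "CVE-2021-40655"]},
    {"host": "kiosk-07", "cves": ["CVE-2024-4761"]},
    {"host": "legacy-app-03", "cves": ["CVE-1900-00001"]},
    {"host": "db-02", "cves": ["CVE-2099-00001"]},  # placeholder, not in KEV
]


def parse_kev(feed_text):
    """Index the feed by CVE id for O(1) lookups."""
    return {v["cveID"]: v for v in json.loads(feed_text)["vulnerabilities"]}


def kev_findings(feed_text, inventory, today):
    """Return inventory hits that are in the KEV catalog, most urgent first.

    Urgency: ransomware-linked entries first (the article notes these are
    remediated fastest), then by days past the BOD 22-01 due date.
    """
    kev = parse_kev(feed_text)
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # not a KEV; handled by normal patch cadence
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due,
                "days_overdue": max(0, (today - due).days),
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            })
    findings.sort(key=lambda f: (not f["ransomware"], -f["days_overdue"], f["cve"]))
    return findings


def mean_days_to_remediate(feed_text, fixed):
    """Average days from KEV dateAdded to fix, for {cve: date_fixed} pairs."""
    kev = parse_kev(feed_text)
    spans = [(fixed_on - date.fromisoformat(kev[c]["dateAdded"])).days
             for c, fixed_on in fixed.items() if c in kev]
    return sum(spans) / len(spans) if spans else 0.0


if __name__ == "__main__":
    for f in kev_findings(KEV_FEED_SAMPLE, INVENTORY_SAMPLE, date(2024, 6, 20)):
        flag = "RANSOMWARE " if f["ransomware"] else ""
        print(f'{flag}{f["host"]:15} {f["cve"]:17} due {f["due"]} '
              f'overdue {f["days_overdue"]:3}d  {f["product"]}')
    print("mean days to remediate:",
          mean_days_to_remediate(KEV_FEED_SAMPLE, {"CVE-2014-100005": date(2024, 6, 1)}))
```

<span style="font-weight: 400;">Swapping <code>KEV_FEED_SAMPLE</code> for the downloaded feed and <code>INVENTORY_SAMPLE</code> for real scanner output gives a daily overdue report; tracking <code>mean_days_to_remediate</code> over time is the organization's own version of the 4.5-month figure quoted above.</span>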
<span style="color: #ff0000;"><i><span style="font-weight: 400;">Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. <a style="color: #ff0000;" href="https://thecyberexpress.com/" target="_blank" rel="noopener">The Cyber Express</a> assumes no liability for the accuracy or consequences of using this information.</span></i></span>
https://thecyberexpress.com/cisa-adds-ne...abilities/