{"id":8400,"date":"2022-04-22T11:40:36","date_gmt":"2022-04-22T18:40:36","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8400"},"modified":"2023-03-03T14:38:35","modified_gmt":"2023-03-03T21:38:35","slug":"dhs-cisa-kevs-weekly-edition-2-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/dhs-cisa-kevs-weekly-edition-2-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 2: Patch Before you Hit the Deadline"},"content":{"rendered":"
The US Cybersecurity and Infrastructure Security Agency (CISA) has again updated its Known Exploited Vulnerabilities (KEVs) Catalog which now contains 647 CVEs.<\/p>\n
This blog brings you all the DHS CISA KEVs that need to be prioritized for patching this week (April 18 to April 24, 2022).<\/p>\n
A total of 39 known exploited vulnerabilities from the DHS CISA catalog should be patched by federal agencies this week before April 18 and April 24, 2022. We further analyzed these 39 KEVs and found that –<\/p>\n
<\/p>\n
Our ML and AI Model predict that 36 CVEs out of 39 are potentially 38 times more likely to be exploited. Therefore patch it immediately before you run for the cure.<\/strong><\/p>\n Of the 39 KEVs, 35 CVEs are old vulnerabilities dating from 2010 to 2021 with a patch deadline of April 18 and April 24, 2022. There are 22 KEVs that exist in Microsoft products, 3 KEVs found in Oracle 2 KEVs from Adobe and SonicWall each.<\/p>\n <\/p>\n When we analyzed based on the threat risk associations, we found 11 KEVs associated with multiple APT threat groups and 16 KEVs linked to different ransomware strains. All these threats associated vulnerabilities are older vulnerabilities.<\/p>\n The inclusion of old vulnerabilities to the KEV catalog is due to the fact that they are used in new exploit chains that are applicable today, which suddenly makes them relevant again.<\/p>\n CVE<\/strong><\/span><\/p>\n<\/th>\n Ransomware_Name<\/strong><\/span><\/p>\n<\/th>\n APT_Name<\/strong><\/span><\/p>\n<\/th>\n<\/tr>\n<\/thead>\n\n CVE-2010-4398<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n FIN6<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2011-2005<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n FIN6<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2012-5076<\/span><\/p>\n<\/td>\n Urausy, Reveton<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2013-2465<\/span><\/p>\n<\/td>\n Cerber, CryptoWall<\/span><\/p>\n<\/td>\n Corkow, Red Star, Sandworm Team<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2013-2551<\/span><\/p>\n<\/td>\n Kovter, CryptoFortress, Princess Locker, TeslaCrypt, CryptoWall, CryptoLocker, Reveton<\/span><\/p>\n<\/td>\n Corkow<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2013-2729<\/span><\/p>\n<\/td>\n CryptoWall 2.0<\/span><\/p>\n<\/td>\n Winnti Group<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2013-3660<\/span><\/p>\n<\/td>\n CryptoWall 2.0<\/span><\/p>\n<\/td>\n FIN7, FIN6<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2015-2419<\/span><\/p>\n<\/td>\n Princess Locker, TeslaCrypt, Pony<\/span><\/p>\n<\/td>\n Lazarus Group<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2015-2426<\/span><\/p>\n<\/td>\n Cerber, TeslaCrypt, CryptoWall, Locky<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2016-0189<\/span><\/p>\n<\/td>\n ITLock, Princess Locker, Cerber, Mole, Nemty, Matrix, Locky, Magniber<\/span><\/p>\n<\/td>\n Operation Earth Kitsune, PittyTiger<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2016-7200<\/span><\/p>\n<\/td>\n Cerber<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2016-7201<\/span><\/p>\n<\/td>\n Cerber<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2017-0037<\/span><\/p>\n<\/td>\n Cerber<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2017-0213<\/span><\/p>\n<\/td>\n Ragnar Locker, NotPetya, Nefilim, WannaCry, Netwalker, Dharma<\/span><\/p>\n<\/td>\n APT29, Transparent Tribe, Winnti Group<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2018-10561<\/span><\/p>\n<\/td>\n Muhstik<\/span><\/p>\n<\/td>\n Kelvin SecTeam<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2018-10562<\/span><\/p>\n<\/td>\n Muhstik<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2018-8440<\/span><\/p>\n<\/td>\n GandCrab, GandCrab 5<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2021-28799<\/span><\/p>\n<\/td>\n Qlocker, eCh0raix<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n<\/tr>\n CVE-2015-1770<\/span><\/p>\n<\/td>\n –<\/span><\/p>\n<\/td>\n FIN7<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n Of these 39 KEVs that have a patch deadline of April 18 and April 24, 2022, affect major vendors such as Microsoft, Oracle, Adobe, Atlassian, and\u00a0 Dell.<\/p>\n The analysis of these KEVs revealed that 59% of the KEVs with a patch due date of April 18 and April 24, 2022, fall under the Top 40 Most Dangerous Software Weaknesses<\/a> as well 39% of KEVs categorized under KEVs fall OWASP Top 10:2021<\/a>.<\/p>\n <\/strong><\/p>\nHow Far Back Do They Go?<\/h2>\n
Ransomware and APT Associations<\/h2>\n
\n\n
\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n Which Vendors Are Affected?<\/h2>\n
\nSoftware Weaknesses<\/h2>\n<\/h2>\n
Severity Scores<\/h2>\n