{"id":7218,"date":"2022-09-12T07:05:51","date_gmt":"2022-09-12T14:05:51","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7218"},"modified":"2024-04-19T09:31:48","modified_gmt":"2024-04-19T16:31:48","slug":"cisa-launches-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/cisa-launches-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"CISA Launches Known Exploited Vulnerabilities (KEV) Catalog"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"7218\" class=\"elementor elementor-7218\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-32c1d6e4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"32c1d6e4\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2a607d68\" data-id=\"2a607d68\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-28c867b elementor-widget elementor-widget-text-editor\" data-id=\"28c867b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><strong><span style=\"color: #000000;\">The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Directive mandating organizations to patch a list of Known Exploited Vulnerabilities (KEV) on November 03, 2021, with specified deadlines. This catalog started with 287 vulnerabilities, and the count stands at 981 today.\u00a0<\/span><\/strong><\/p><p>This blog performs risk-based scrutiny of the vulnerabilities included in the catalog and provides additional threat context for each vulnerability.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b3e6b9d elementor-hidden-desktop elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-text-editor\" data-id=\"b3e6b9d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><strong><span style=\"color: #000000;\">DHS CISA released a Binding Directive mandating organizations to patch a list of Known Exploited Vulnerabilities on November 03, 2021, with specified deadlines. This catalog started with 287 vulnerabilities, and the count stands at 981 today.\u00a0<\/span><\/strong><\/p><p>This blog performs risk-based scrutiny of the vulnerabilities included in the catalog and provides additional threat context for each vulnerability. Our team of experts has also <a href=\"https:\/\/cybersecurityworks.com\/blog\/cisa\/mitre-mapping-of-cisa-kevs-and-its-challenges.html\" data-cke-saved-href=\"https:\/\/cybersecurityworks.com\/blog\/cisa\/mitre-mapping-of-cisa-kevs-and-its-challenges.html\">mapped each vulnerability <\/a>to tactics, techniques, and procedures used by hackers to exploit them.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3e4e9eb elementor-widget elementor-widget-image\" data-id=\"3e4e9eb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"960\" height=\"540\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/09\/CISA-Image-template-15.png\" class=\"attachment-full size-full wp-image-19332\" alt=\"\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/09\/CISA-Image-template-15.png 960w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/09\/CISA-Image-template-15-300x169.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2022\/09\/CISA-Image-template-15-768x432.png 768w\" sizes=\"(max-width: 960px) 100vw, 960px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d775a8d elementor-widget elementor-widget-spacer\" data-id=\"d775a8d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-66bc8ebb elementor-widget elementor-widget-text-editor\" data-id=\"66bc8ebb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Our researchers deep-dived into these vulnerabilities to understand the criticality of these CVEs and why they need to be addressed within the deadlines specified by CISA.<\/p><p>Firstly, let us look at how many vulnerabilities ought to be patched immediately.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-68bacf9 elementor-widget elementor-widget-spacer\" data-id=\"68bacf9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-21cf421 elementor-widget elementor-widget-text-editor\" data-id=\"21cf421\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>CVEs to be Patched by August 2023<\/h2><p>We have already crossed the patching deadline for 963 of the CISA KEVs. There are a further 22 vulnerabilities that need to be patched by the end of August 2023.<\/p><p><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/appNx9fN5R7y6WulJ\/shrA0Md72IhXDBo6x?backgroundColor=purple&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p><p><strong>We are fast running out of time to patch the CISA KEVs, with the last due date currently on the list being Augest 28, 2023. If your organization still has a long way to go, <a href=\"https:\/\/www.securin.io\/contact-us\/\" data-cke-saved-href=\"https:\/\/cybersecurityworks.com\/reach-us.php\">Securin can help you prioritize<\/a> the ones that pose the most danger to you.<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-620c39e elementor-widget elementor-widget-spacer\" data-id=\"620c39e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-85d0024 elementor-widget elementor-widget-text-editor\" data-id=\"85d0024\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>Patching Deadlines<\/h2><p>DHS CISA\u2019s initiative of reducing risk through the Known Exploited Vulnerabilities (KEV) catalog is a remediation drive with strict timelines. Below, we look at the stipulated deadlines by which sets of vulnerabilities need to be patched.<\/p><table><tbody><tr><td><strong>Patching Deadlines<\/strong><\/td><td><strong>Number of CVEs<\/strong><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Aug-23<\/span><\/td><td><span style=\"font-weight: 400;\">16<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Jul-23<\/span><\/td><td><span style=\"font-weight: 400;\">15<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Jun-23<\/span><\/td><td><span style=\"font-weight: 400;\">22<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">May-23<\/span><\/td><td><span style=\"font-weight: 400;\">15<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Apr-23<\/span><\/td><td><span style=\"font-weight: 400;\">19<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Mar-23<\/span><\/td><td><span style=\"font-weight: 400;\">17<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Feb-23<\/span><\/td><td><span style=\"font-weight: 400;\">5<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Jan-23<\/span><\/td><td><span style=\"font-weight: 400;\">10<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Dec-22<\/span><\/td><td><span style=\"font-weight: 400;\">8<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Nov-22<\/span><\/td><td><span style=\"font-weight: 400;\">15<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Oct-22<\/span><\/td><td><span style=\"font-weight: 400;\">13<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Sep-22<\/span><\/td><td><span style=\"font-weight: 400;\">40<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Aug-22<\/span><\/td><td><span style=\"font-weight: 400;\">29<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Jul-22<\/span><\/td><td><span style=\"font-weight: 400;\">35<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Jun-22<\/span><\/td><td><span style=\"font-weight: 400;\">128<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">May-22<\/span><\/td><td><span style=\"font-weight: 400;\">218<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Apr-22<\/span><\/td><td><span style=\"font-weight: 400;\">127<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Mar-22<\/span><\/td><td><span style=\"font-weight: 400;\">103<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Feb-22<\/span><\/td><td><span style=\"font-weight: 400;\">15<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Jan-22<\/span><\/td><td><span style=\"font-weight: 400;\">3<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">Dec-21<\/span><\/td><td><span style=\"font-weight: 400;\">126<\/span><\/td><\/tr><\/tbody><\/table><p>\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-21c095a elementor-hidden-desktop elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-text-editor\" data-id=\"21c095a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>Critical CVEs Ignored by CISA<\/h2><p>Our analysts highlight trending vulnerabilities that are yet to be added to CISA KEVs, which have the potential to cause severe impact if exploited. Securin has also repeatedly called these out in blogs and reports.<\/p><table><tbody><tr><td><strong>CVE<\/strong><\/td><td><strong>Patch<\/strong><\/td><td><strong>Threat Type<\/strong><\/td><td><strong>CVSS Severity<\/strong><\/td><td><strong>Added to CISA post Securin call out*<\/strong><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-2004<\/span><\/td><td><a href=\"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-22-167-03\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Malware<\/span><\/td><td><span style=\"font-weight: 400;\">NA<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-2003<\/span><\/td><td><a href=\"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-22-167-03\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Malware<\/span><\/td><td><span style=\"font-weight: 400;\">NA<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-45461<\/span><\/td><td><a href=\"https:\/\/wiki.freepbx.org\/display\/FOP\/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Malware<\/span><\/td><td><span style=\"font-weight: 400;\">CRITICAL<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2019-9489<\/span><\/td><td><a href=\"https:\/\/success.trendmicro.com\/dcx\/s\/solution\/1122250-security-bulletin-directory-traversal-vulnerability-in-trend-micro-apex-one-officescan-and-worry?language=en_US&amp;sfdcIFrameOrigin=null\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">APT<\/span><\/td><td><span style=\"font-weight: 400;\">HIGH<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><\/tbody><\/table><p><span style=\"font-weight: 400;\">*Note:The above CVEs were explicitly highlighted in this blog on Aug 8, 2022<\/span><\/p><table><tbody><tr><td><span style=\"font-weight: 400;\">CVE-2016-1001<\/span><\/td><td><a href=\"https:\/\/helpx.adobe.com\/security\/products\/flash-player\/apsb16-08.html\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Malware,Ransomware<\/span><\/td><td><span style=\"font-weight: 400;\">CRITICAL<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-31196<\/span><\/td><td><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-31196\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">APT<\/span><\/td><td><span style=\"font-weight: 400;\">HIGH<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-31206<\/span><\/td><td><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-31206\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">APT,Ransomware<\/span><\/td><td><span style=\"font-weight: 400;\">HIGH<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-33768<\/span><\/td><td><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-33768\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">APT<\/span><\/td><td><span style=\"font-weight: 400;\">HIGH<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-34470<\/span><\/td><td><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2021-34470\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">APT<\/span><\/td><td><span style=\"font-weight: 400;\">HIGH<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-45046<\/span><\/td><td><a href=\"https:\/\/www.oracle.com\/security-alerts\/cpujan2022.html\"><span style=\"font-weight: 400;\">1<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html\"><span style=\"font-weight: 400;\">2<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"http:\/\/www.openwall.com\/lists\/oss-security\/2021\/12\/14\/4\"><span style=\"font-weight: 400;\">3<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">APT<\/span><\/td><td><span style=\"font-weight: 400;\">CRITICAL<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-45105<\/span><\/td><td><a href=\"https:\/\/www.oracle.com\/security-alerts\/cpujan2022.html\"><span style=\"font-weight: 400;\">1<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"http:\/\/www.openwall.com\/lists\/oss-security\/2021\/12\/19\/1\"><span style=\"font-weight: 400;\">2<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html\"><span style=\"font-weight: 400;\">3<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">APT<\/span><\/td><td><span style=\"font-weight: 400;\">MEDIUM<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><\/tbody><\/table><p><span style=\"font-weight: 400;\">*Note:The above CVEs were explicitly highlighted in this blog on Sep 21, 2022<\/span><\/p><table><tbody><tr><td><span style=\"font-weight: 400;\">CVE-2022-34721<\/span><\/td><td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-34721\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">APT<\/span><\/td><td><span style=\"font-weight: 400;\">CRITICAL<\/span><\/td><td>\u00a0<\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-42298<\/span><\/td><td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-42298\"><span style=\"font-weight: 400;\">Patch Now<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Trending, Exploitation in the wild<\/span><\/td><td><span style=\"font-weight: 400;\">HIGH<\/span><\/td><td>\u00a0<\/td><\/tr><\/tbody><\/table><p><span style=\"font-weight: 400;\">*Note:The above CVEs were explicitly highlighted in this blog on Dec 01, 2022<\/span><\/p><p><span style=\"font-weight: 400;\">We have also noticed trending threats that are not part of CISA KEVs yet. However, these vulnerabilities do not fit into the KEV criteria, owing to factors like missing patches or lack of evidence of active exploitation. Nonetheless, we are noticing higher interest in these threats in hacker channels and urge users to be extra vigilant in tracking vendor updates for these vulnerabilities.<\/span><\/p><table><tbody><tr><td><b>CVE<\/b><\/td><td><b>Vendor\u00a0<\/b><\/td><td><b>Product<\/b><\/td><td><b>CVSS Severity<\/b><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-24284<\/span><\/td><td><span style=\"font-weight: 400;\">Kaswara Project<\/span><\/td><td><span style=\"font-weight: 400;\">Kaswara<\/span><\/td><td><span style=\"font-weight: 400;\">CRITICAL<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2020-26879<\/span><\/td><td><span style=\"font-weight: 400;\">Commscope<\/span><\/td><td><span style=\"font-weight: 400;\">Ruckus Vriot<\/span><\/td><td><span style=\"font-weight: 400;\">CRITICAL<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2020-26878<\/span><\/td><td><span style=\"font-weight: 400;\">Commscope<\/span><\/td><td><span style=\"font-weight: 400;\">Ruckus Vriot<\/span><\/td><td><span style=\"font-weight: 400;\">HIGH<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2020-12501<\/span><\/td><td><span style=\"font-weight: 400;\">Pepperl Fuchs, Korenix<\/span><\/td><td><span style=\"font-weight: 400;\">Multiple firmware versions<\/span><\/td><td><span style=\"font-weight: 400;\">CRITICAL<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2018-6055<\/span><\/td><td><span style=\"font-weight: 400;\">Google<\/span><\/td><td><span style=\"font-weight: 400;\">Chrome<\/span><\/td><td><span style=\"font-weight: 400;\">HIGH<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-3180<\/span><\/td><td><span style=\"font-weight: 400;\">WordPress<\/span><\/td><td><span style=\"font-weight: 400;\">WPGateway<\/span><\/td><td><span style=\"font-weight: 400;\">&#8211;<\/span><\/td><\/tr><\/tbody><\/table><p>\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-05e35a0 elementor-widget elementor-widget-text-editor\" data-id=\"05e35a0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div><span style=\"color: #483989; font-size: 36px; font-weight: bold;\">Securin Publicly Called Out KEVs<\/span><\/div><p>Securin\u2019s researchers have called out 203 of the 812 vulnerabilities in the past through detailed blogs, exhaustive coverage of patch watch news items, and comprehensive reports. Below, we look at some of the vulnerabilities that were added to the KEVs post our call out.<\/p><table><tbody><tr><td><b>CVE<\/b><\/td><td><b>Called Out by Securin Experts<\/b><\/td><td><b>Reference Link<\/b><\/td><td><b>Added to CISA<\/b><\/td><td><b>Securin Warning Ahead of CISA (Days)<\/b><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2019-1130<\/span><\/td><td><span style=\"font-weight: 400;\">May 18, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/ransomware-report-2022-q1-download\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Ransomware Report Q1 2022<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">May 23, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">5<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2019-1385<\/span><\/td><td><span style=\"font-weight: 400;\">May 19, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/ransomware-report-2022-q1-download\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Ransomware Report Q1 2022<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">May 23, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">4<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2020-0638<\/span><\/td><td><span style=\"font-weight: 400;\">May 20, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/ransomware-report-2022-q1-download\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Ransomware Report Q1 2022<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">May 23, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">3<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-30333<\/span><\/td><td><span style=\"font-weight: 400;\">July 08, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-friday-threat-intelligence\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition02<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Aug 09, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">32<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-26923<\/span><\/td><td><span style=\"font-weight: 400;\">July 25, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-july-25-2022-july-29-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition05<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Aug 18,2022<\/span><\/td><td><span style=\"font-weight: 400;\">24<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-2856<\/span><\/td><td><span style=\"font-weight: 400;\">Aug 16, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-august-15-2022-august-19-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition08<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Aug 18,2022<\/span><\/td><td><span style=\"font-weight: 400;\">2<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-0028<\/span><\/td><td><span style=\"font-weight: 400;\">Aug 09, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-august-08-2022-august-12-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition07<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Aug 22, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">13<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-26352<\/span><\/td><td><span style=\"font-weight: 400;\">Aug 8, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/cisa-launches-known-exploited-vulnerabilities-catalog\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CISA Main Blog<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Aug 25, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">17<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-2294<\/span><\/td><td><span style=\"font-weight: 400;\">Aug 8, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/cisa-launches-known-exploited-vulnerabilities-catalog\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CISA Main Blog<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Aug 25, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">17<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2020\u20139934<\/span><\/td><td><span style=\"font-weight: 400;\">July 18, 2022<\/span><\/td><td><p><a href=\"https:\/\/www.securin.io\/cisa-launches-known-exploited-vulnerabilities-catalog\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CISA Main Blog<\/span><\/a><span style=\"font-weight: 400;\">,<\/span><\/p><p><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-july-18-2022-july-22-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition04<\/span><\/a><\/p><\/td><td><span style=\"font-weight: 400;\">Sep 08, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">52<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-40684<\/span><\/td><td><span style=\"font-weight: 400;\">Oct 10, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-october-10-2022-october-14-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition16<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Oct 11, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">1<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-3493<\/span><\/td><td><span style=\"font-weight: 400;\">Sep 9, 2022<\/span><\/td><td><p><a href=\"https:\/\/www.securin.io\/cisa-launches-known-exploited-vulnerabilities-catalog\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CISA Main Blog<\/span><\/a><span style=\"font-weight: 400;\">,<\/span><\/p><p><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-september-05-2022-september-09-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition11<\/span><\/a><\/p><\/td><td><span style=\"font-weight: 400;\">Oct 20, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">41<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-41352<\/span><\/td><td><span style=\"font-weight: 400;\">Oct 3, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-october-3-2022-october-7-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition17<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Oct 20, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">17<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2018-19320<\/span><\/td><td><span style=\"font-weight: 400;\">February 13, 2021<\/span><\/td><td><a href=\"https:\/\/cybersecurityworks.com\/resources\/whitepapers\/ransomware-2021-spotlight-report-through-the-lens-of-threat-and-vulnerability-management.html\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Ransomware Spotlight Report 2021<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Oct 24, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">618<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-42827<\/span><\/td><td><span style=\"font-weight: 400;\">Oct 25, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-october-24-2022-october-28-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition18<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Oct 25, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">0<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-26500<\/span><\/td><td><span style=\"font-weight: 400;\">Oct 25, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-october-24-2022-october-28-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition18<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Dec 13, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">49<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-26501<\/span><\/td><td><span style=\"font-weight: 400;\">Oct 25, 2022<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-october-24-2022-october-28-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition18<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Dec 13, 2022<\/span><\/td><td><span style=\"font-weight: 400;\">49<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2023-0669<\/span><\/td><td><span style=\"font-weight: 400;\">Feb 6, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-feb-13-2023-feb-17-2023\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 32<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Feb 10, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">4<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-24990<\/span><\/td><td><span style=\"font-weight: 400;\">Feb 6, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-feb-13-2023-feb-17-2023\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 32<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Feb 10, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">4<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2015-2291<\/span><\/td><td><span style=\"font-weight: 400;\">Jan 9, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/articles\/securins-threat-intelligence-may-8-2023-may-12-2023\/#CVE-2023-25717-Ruckus-Flaw\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 29<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Feb 10, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">32<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2023-23529<\/span><\/td><td><span style=\"font-weight: 400;\">Jan 9, 2023<\/span><\/td><td><a href=\"http:\/\/cve-2015-2291\/\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 29<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Feb 14, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">36<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-46169<\/span><\/td><td><span style=\"font-weight: 400;\">Jan 9, 2023<\/span><\/td><td><a href=\"http:\/\/cve-2015-2291\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 29<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Feb 16, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">38<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-47986<\/span><\/td><td><span style=\"font-weight: 400;\">Feb 13, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-feb-13-2023-feb-17-2023\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 34<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Feb 21, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">8<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">cve-2022-36537<\/span><\/td><td><span style=\"font-weight: 400;\">Feb 20, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-feb-20-2023-feb-24-2023\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 35<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Feb 27, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">7<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-41328<\/span><\/td><td><span style=\"font-weight: 400;\">Mar 14, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-mar-13-2022-mar-17-2022\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 38<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Mar 14, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">Same Day<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-30900<\/span><\/td><td><span style=\"font-weight: 400;\">Mar 27, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-mar-27-2023-mar-31-2023\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 40<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Mar 30, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">3<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-38181<\/span><\/td><td><span style=\"font-weight: 400;\">Mar 27, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-mar-27-2023-mar-31-2023\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 40<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Mar 30, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">3<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2023-0266<\/span><\/td><td><span style=\"font-weight: 400;\">Mar 27, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-mar-27-2023-mar-31-2023\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 40<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Mar 30, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">3<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-3038<\/span><\/td><td><span style=\"font-weight: 400;\">Mar 27, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-mar-27-2023-mar-31-2023\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 40<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Mar 30, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">3<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-22706<\/span><\/td><td><span style=\"font-weight: 400;\">Mar 27, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-mar-27-2023-mar-31-2023\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 40<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Mar 30, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">3<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2017-7494<\/span><\/td><td><span style=\"font-weight: 400;\">Feb 13, 2021<\/span><\/td><td><a href=\"https:\/\/cybersecurityworks.com\/resources\/whitepapers\/ransomware-2021-spotlight-report-through-the-lens-of-threat-and-vulnerability-management.html\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Ransomware Spotlight Report 2021<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Mar 30, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">775<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2022-27926<\/span><\/td><td><span style=\"font-weight: 400;\">Mar 27, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/securins-threat-intelligence-mar-27-2023-mar-31-2023\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 40<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Apr 03, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">7<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-27876<\/span><\/td><td><span style=\"font-weight: 400;\">Apr 03, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/articles\/securins-threat-intelligence-apr-3-2023-apr-7-2023\/#UNC4466-Targets-Vulnerable-Backup-Installations-to-Gain-Initial-Access\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 41<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Apr 07, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">4<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-27877<\/span><\/td><td><span style=\"font-weight: 400;\">Apr 03, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/articles\/securins-threat-intelligence-apr-3-2023-apr-7-2023\/#UNC4466-Targets-Vulnerable-Backup-Installations-to-Gain-Initial-Access\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 41<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Apr 07, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">4<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-27878<\/span><\/td><td><span style=\"font-weight: 400;\">Apr 03, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/articles\/securins-threat-intelligence-apr-3-2023-apr-7-2023\/#UNC4466-Targets-Vulnerable-Backup-Installations-to-Gain-Initial-Access\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 41<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Apr 07, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">4<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2019-1388<\/span><\/td><td><span style=\"font-weight: 400;\">May 14, 2021<\/span><\/td><td><a href=\"https:\/\/cybersecurityworks.com\/resources\/whitepapers\/ransomware-index-update-q1-2021.html\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Ransomware Index Update Q1 2021<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Apr 07, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">693<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2023-28206<\/span><\/td><td><span style=\"font-weight: 400;\">Apr 03, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/articles\/securins-threat-intelligence-apr-3-2023-apr-7-2023\/#UNC4466-Targets-Vulnerable-Backup-Installations-to-Gain-Initial-Access\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 41<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Apr 10, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">7<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2023-28205<\/span><\/td><td><span style=\"font-weight: 400;\">Apr 03, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/articles\/securins-threat-intelligence-apr-3-2023-apr-7-2023\/#UNC4466-Targets-Vulnerable-Backup-Installations-to-Gain-Initial-Access\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 41<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Apr 10, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">7<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2019-8526<\/span><\/td><td><span style=\"font-weight: 400;\">Jan 02, 2023<\/span><\/td><td><a href=\"https:\/\/docs.google.com\/spreadsheets\/d\/1lnLPfBX-3J_QeF3Qxts601c_GR1meew21hSEgNADkJo\/edit#gid=295946165\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 30<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">Apr 17, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">105<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2023-1389<\/span><\/td><td><span style=\"font-weight: 400;\">Apr 24, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/articles\/securins-threat-intelligence-apr-24-2023-apr-28-2023\/#CVE-2023-1389-TP-LINK-WAN-Side-Vulnerability\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 44<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">May 01, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">7<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2023-21839<\/span><\/td><td><span style=\"font-weight: 400;\">Mar 06, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/articles\/securins-threat-intelligence-mar-6-2023-mar-10-2023\/#poc-released-for-oracle-vulnerability\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 36<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">May 01, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">56<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2021-45046<\/span><\/td><td><span style=\"font-weight: 400;\">Aug 30, 2022<\/span><\/td><td><p><a href=\"https:\/\/www.securin.io\/articles\/have-you-patched-the-apache-log4j-vulnerability-cve-2021-44228-2\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Apache Log4j Blog<\/span><\/a><span style=\"font-weight: 400;\">,<\/span><a href=\"https:\/\/www.securin.io\/ransomware\/\"><span style=\"font-weight: 400;\">\u00a0<\/span><\/a><\/p><p><a href=\"https:\/\/www.securin.io\/ransomware\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Ransomware Spotlight Report 2023<\/span><\/a><\/p><\/td><td><span style=\"font-weight: 400;\">May 01, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">244<\/span><\/td><\/tr><tr><td><span style=\"font-weight: 400;\">CVE-2023-25717<\/span><\/td><td><span style=\"font-weight: 400;\">May 08, 2023<\/span><\/td><td><a href=\"https:\/\/www.securin.io\/articles\/securins-threat-intelligence-may-8-2023-may-12-2023\/#CVE-2023-25717-Ruckus-Flaw\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Securin Threat Intelligence &#8211; Edition 47<\/span><\/a><\/td><td><span style=\"font-weight: 400;\">May 12, 2023<\/span><\/td><td><span style=\"font-weight: 400;\">4<\/span><\/td><\/tr><\/tbody><\/table><div dir=\"ltr\" style=\"margin-left: 0pt;\" align=\"left\">\u00a0<\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-12a71ae elementor-widget elementor-widget-text-editor\" data-id=\"12a71ae\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>Threat Analysis<\/h2><p>A major part of our vulnerability research is the analysis of threat groups, including Advanced Persistent (APT) Groups and ransomware groups that are exploiting the vulnerabilities. In this section, we discuss the threat groups associated with the Known Exploited vulnerabilities warned about by CISA.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c9fc9a7 elementor-widget elementor-widget-spacer\" data-id=\"c9fc9a7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4b086d8 elementor-widget elementor-widget-text-editor\" data-id=\"4b086d8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h3>Advanced Persistent Threat (APT) Groups<\/h3><p><strong>240 of CISA KEVs have APT associations, with over 50% of the CVEs linked to multiple groups.\u00a0A huge majority of these APT groups have links to China, followed by Russian state-sponsored groups.<\/strong><\/p><p>CVE-2012-0158 and\u00a0CVE-2017-11882 have over 20\u00a0APT groups associated with each of them, making them pet\u00a0favorites of threat actors.<\/p><ul><li aria-level=\"1\">CVE-2012-0158 is a remote code execution vulnerability in Microsoft\u2019s Windows Common Controls (MSCOMCTL.OCX). With a critical CVSS severity of 9.3, the vulnerability belongs to the weakness CWE-94, leading to code injection issues.<\/li><li aria-level=\"1\">CVE-2017-11882 is a remote code execution vulnerability that exists in Microsoft Office versions 2007 to 2016.\u00a0 Its weakness CWE-119, leads to Improper Restriction of Operations within the Bounds of a Memory Buffer, one of the Top 20 Most Dangerous Software Weaknesses as listed by MITRE<\/li><\/ul><p><a href=\"https:\/\/www.securin.io\/articles\/solarwinds-attackers-at-it-again-in-back-to-back-campaigns\/\" target=\"_blank\" rel=\"noopener\" data-cke-saved-href=\"https:\/\/cybersecurityworks.com\/blog\/vulnerabilities\/solarwind-attackers-at-it-again-in-back-to-back-campaigns.html\">APT29 or the Nobelium<\/a> group is the single most prolific APT\u00a0amongst this group, with links to 53 of the APT vulnerabilities. This is the threat group behind the infamous <a href=\"https:\/\/www.securin.io\/articles\/vulnerability-analysis-solarwinds-orion-network-management\/\" target=\"_blank\" rel=\"noopener\" data-cke-saved-href=\"https:\/\/cybersecurityworks.com\/blog\/cyber-risk\/vulnerability-analysis-solarwinds-orion-network-management.html\">SolarWinds supply chain<\/a> attack back in December 2021.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b5b56bf elementor-widget elementor-widget-spacer\" data-id=\"b5b56bf\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-af20ab5 elementor-widget elementor-widget-text-editor\" data-id=\"af20ab5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h3>Ransomware<\/h3><p><strong>230 of CISA KEVs have ransomware associations, with over 50% linked to multiple groups. Eight\u00a0vulnerabilities have been identified as exploited by more than 10 ransomware groups each.<\/strong><\/p><p>CVE-2015-0359 has more than 50 ransomware associations with the likes of Cerber, Reveton, Cryptomix and Magniber on the list. CVE-2013-7331 and CVE-2013-3896 have more than 35 groups associated with each of them, including the infamous Sodinokibi and Cerber families.<\/p><p>A notable call out is CVE-2017-0143 which has 11 ransomware associations and 9 APT associations, marking it as a formidable threat to organizations using Microsoft Server Message Block servers. The Citrix vulnerability, CVE-2019-19781, is another worthy mention with 12 ransomware and 7 APT associations.<\/p><p><strong><span style=\"color: #000000;\">Read more about the vulnerabilities called out by CISA that are associated with ransomware<\/span> <a href=\"https:\/\/www.securin.io\/articles\/20-percent-of-cves-listed-in-cisas-latest-directive-have-ransomware-associations\/\" target=\"_blank\" rel=\"noopener\" data-cke-saved-href=\"https:\/\/cybersecurityworks.com\/blog\/advisory\/20-percent-of-cves-listed-in-cisas-latest-directive-have-ransomware-associations.html\">here<\/a>.<\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9009906 elementor-widget elementor-widget-spacer\" data-id=\"9009906\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-355b0bd elementor-widget elementor-widget-text-editor\" data-id=\"355b0bd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>Exploit Analysis<\/h2><p><strong>All the CISA KEVs have faced heavy exploitation at one point of time or the other. Exploits available for these KEVs include exploits falling into four different categories:<\/strong><\/p><ul><li aria-level=\"1\">Remote Code Execution (RCE) that can allow attackers to execute custom code from anywhere<\/li><li aria-level=\"1\">Privilege Escalation (PE) providing attackers with elevated privileges once they gain entry into a network<\/li><li aria-level=\"1\">Denial of Service (DoS) that can lead to network takeovers or complete shutdown<\/li><li aria-level=\"1\">Web Application (WebApp) Exploit codes capable of compromising web applications.<\/li><\/ul><p><strong><span style=\"color: #000000;\">Let&#8217;s look into an exploit breakdown for the CISA vulnerabilities.<\/span><\/strong><\/p><table><thead><tr><th>Exploit Type<\/th><th>No. of CVEs<\/th><\/tr><\/thead><tbody><tr><td>RCE\/PE<\/td><td>424<\/td><\/tr><tr><td>RCE<\/td><td>363<\/td><\/tr><tr><td>PE<\/td><td>230<\/td><\/tr><tr><td>DoS<\/td><td>98<\/td><\/tr><tr><td>WebApp<\/td><td>287<\/td><\/tr><\/tbody><\/table><p><em>Note: Some CVEs have multiple exploits associated with them.<\/em><\/p><p><strong><span style=\"color: #000000;\">With over 40% of the vulnerabilities having dangerous RCE\/PE exploit codes, it is of utmost importance that organizations address these vulnerabilities at the earliest. If exploited, the consequences could be grave.<\/span><\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6568e5c elementor-widget__width-initial elementor-widget elementor-widget-spacer\" data-id=\"6568e5c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ea89261 elementor-widget elementor-widget-text-editor\" data-id=\"ea89261\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>Latency Analysis<\/h2><p>As part of our exploit analysis, we studied the latencies in the National Vulnerability Database (NVD) disclosure that magnified the impact of the exploited vulnerabilities.<\/p><table><tbody><tr><td><strong>Latency Metrics<\/strong><\/td><td><strong>Overall<\/strong><\/td><td><strong>Critical<\/strong><\/td><td><strong>High<\/strong><\/td><td><strong>Medium<\/strong><\/td><td><strong>Low<\/strong><\/td><\/tr><tr><td>Exploit before patch<\/td><td>188<\/td><td>98<\/td><td>76<\/td><td>14<\/td><td>&#8211;<\/td><\/tr><tr><td>Same day<\/td><td>121<\/td><td>44<\/td><td>65<\/td><td>12<\/td><td>&#8211;<\/td><\/tr><tr><td>Exploit after patch<\/td><td>548<\/td><td>178<\/td><td>292<\/td><td>76<\/td><td>2<\/td><\/tr><\/tbody><\/table><p>Further, we also compared latencies\u00a0with respect to patches released for the vulnerabilities to understand the trends behind attacks waged by hackers and threat actors alike.<\/p><table><tbody><tr><td><strong>Latency Metrics<\/strong><\/td><td><strong>Overall<\/strong><\/td><td><strong>Critical<\/strong><\/td><td><strong>High<\/strong><\/td><td><strong>Medium<\/strong><\/td><td><strong>NA<\/strong><\/td><\/tr><tr><td>Same day<\/td><td>373<\/td><td>108<\/td><td>91<\/td><td>15<\/td><td>1<\/td><\/tr><tr><td>Patch after CVE disclosure<\/td><td>223<\/td><td>98<\/td><td>72<\/td><td>17<\/td><td>&#8211;<\/td><\/tr><tr><td>Patch before CVE disclosure<\/td><td>276<\/td><td>123<\/td><td>225<\/td><td>56<\/td><td>2<\/td><\/tr><\/tbody><\/table><p><em>Note: The vulnerability disclosure date is considered as the earliest date on which the CVE is released to the public, either by its vendor or the NVD.<\/em><strong><br \/><\/strong><\/p><p><strong>We identified some interesting observations from our latency analysis of the CISA KEVs.<\/strong><\/p><ul><li aria-level=\"1\">Attackers are going after vulnerabilities even if they have existing patches or workarounds. Interestingly, most of the exploit codes were made publicly available after a patch was released for the vulnerability. This makes a strong case for organizations to revisit their patching cadence and address the vulnerabilities with a higher probability of exploitation.<\/li><li aria-level=\"1\">Vulnerabilities are often identified and patched before they are added to the NVD. Thus, while the NVD is a reliable source, organizations need a more accurate threat intelligence platform to remediate potential threats proactively.<\/li><\/ul><p><strong><span style=\"color: #000000;\">Read more about our deeper analysis into the latencies<\/span> <a href=\"https:\/\/cybersecurityworks.com\/blog\/cisa\/latency-analysis-of-dhs-cisa-kev.html\" data-cke-saved-href=\"https:\/\/cybersecurityworks.com\/blog\/cisa\/latency-analysis-of-dhs-cisa-kev.html\">here<\/a><span style=\"color: #000000;\">.<\/span><\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0a709ca elementor-hidden-desktop elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-text-editor\" data-id=\"0a709ca\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>Interesting Nuggets<\/h2><p>CISA temporarily removes Windows vulnerability:\u00a0On May 13, 2022, CISA removed CVE-2022-26925 from its KEV catalog as Microsoft botched its May patch update for the vulnerability that was being exploited and could result in authentication failures. On July 1, 2022, CISA re-added this security bug that resulted from\u00a0Active Directory (AD) certificate authentication issues. CISA continues to urge administrators to apply the May updates to Windows client devices and non-domain controller Windows servers.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f552d39 elementor-widget__width-initial elementor-widget elementor-widget-spacer\" data-id=\"f552d39\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bc40009 elementor-widget elementor-widget-text-editor\" data-id=\"bc40009\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>Weakness Analysis<\/h2><p>The\u00a0CISA KEVs are manifestations of over 70 different weaknesses in software. Almost 70% of these common weakness enumerations (CWEs) are part of MITRE\u2019s Top 41 CWEs, and 57% are categorized under OWASP\u2019s Top 10 error categories. This highlights the serious implications of these vulnerabilities that are present across hundreds of products currently being used by thousands of users.<\/p><p><strong><span style=\"color: #000000;\">Here is a look into the top five\u00a0weaknesses paving the way for the CISA KEVs:<\/span><\/strong><\/p><table><thead><tr><th>Weakness<\/th><th>Description<\/th><th>Number of vulnerabilities<\/th><th>OWASP Ranking<\/th><th>MITRE Ranking<\/th><\/tr><\/thead><tbody><tr><td>CWE-20<\/td><td>Improper input validation<\/td><td>109<\/td><td>A3 (Sensitive Data Exposure)<\/td><td>4<\/td><\/tr><tr><td>CWE-119<\/td><td>Improper Restriction of Operations within the Bounds of a Memory Buffer<\/td><td>82<\/td><td>&#8211;<\/td><td>17<\/td><\/tr><tr><td>CWE-787<\/td><td>Out-of-bounds Write<\/td><td>76<\/td><td>&#8211;<\/td><td>1<\/td><\/tr><tr><td>CWE-78<\/td><td>Improper Neutralization of Special Elements used in an OS Command (&#8216;OS Command Injection&#8217;)<\/td><td>54<\/td><td>A3 (Sensitive Data Exposure)<\/td><td>5<\/td><\/tr><tr><td>CWE-416<\/td><td>Use after free<\/td><td>47<\/td><td>&#8211;<\/td><td>7<\/td><\/tr><\/tbody><\/table><p>All developers need to be aware of the weaknesses they are introducing during the design stage and take steps to avoid such errors at the source.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c2ac58 elementor-widget__width-initial elementor-widget elementor-widget-spacer\" data-id=\"0c2ac58\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-afbb5c3 elementor-widget elementor-widget-text-editor\" data-id=\"afbb5c3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>Patch Analysis<\/h2><p>About 47%\u00a0of the CISA KEVs have direct patches available. For the rest, mitigations such as upgrades or workarounds are available. Overall, 50% of the CISA KEVs have workarounds. We strongly recommend organizations to immediately apply the workarounds in the event that they are unable to patch the vulnerabilities immediately.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-600383d elementor-widget__width-initial elementor-widget elementor-widget-spacer\" data-id=\"600383d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3e8bd1d elementor-widget elementor-widget-text-editor\" data-id=\"3e8bd1d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<h2>The Way Forward<\/h2><p>A meticulous remediation drive is definitely the need of the hour, as it forces the hand of federal entities and critical organizations to take immediate action to improve their cyber hygiene.<\/p><p>However, with the CISA KEV list now expanding to include 900+ vulnerabilities, organizations that haven&#8217;t managed to keep up are at a loss. With no threat context available, security teams are struggling to prioritize from amongst these KEVs.<\/p><p><strong>Securin researchers have been closely monitoring the developments, and we can help organizations understand why a certain KEV needs to be prioritized. Our definitive threat intelligence can provide the much needed threat context to connect the dots and close the gaps in your security strategy!<\/strong><\/p><p><em><strong>Note: <\/strong>This story is continuously evolving, so please follow our blogs to keep abreast of the updates to the CISA KEV, and their detailed analysis.<\/em><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>The DHS Cybersecurity and Infrastructure Security Agency (CISA) released a directive with a list of 933 known and exploited vulnerabilities that public sector entities and organizations need to patch immediately!<\/p>\n","protected":false},"author":1,"featured_media":7224,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[80,110],"tags":[107,89,114,113,112,91,139],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/7218"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=7218"}],"version-history":[{"count":162,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/7218\/revisions"}],"predecessor-version":[{"id":20541,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/7218\/revisions\/20541"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/7224"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=7218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=7218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=7218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}