CISA Enhances Transparency: Unveiling Ransomware Data and Malware Vulnerabilities for Improved Cybersecurity

2023-10-14 19:54:42
New level of transparency: CISA discloses ransomware data in its notifications CISA has come up with something new on malware. The leading US cybersecurity agency has announced plans to add a section on malware groups to its list of vulnerabilities being exploited by hackers. Cybersecurity and Infrastructure Security Agency (CISA) officials said all organizations will now have access to information regarding which vulnerabilities are commonly associated with malware attacks through their catalog of known exploitable vulnerabilities (KEVs). Previously, this information was only provided through CISA’s Malware Vulnerability Alert Pilot Program (RVWP). Under this program, CISA identified organizations with Internet-accessible vulnerabilities that were often associated with known malware actors. Sandra Radesky, CISA’s deputy director of vulnerability management, and Gabrielle Davis, chief risk advisor, said the KEV directory will now include a “Known to use malware in campaigns” column. In addition, CISA has developed a second new RVWP resource that serves as an additional list of misconfigurations and weaknesses known to be used in malware campaigns. This list will help organizations quickly identify services that are known to be used by threat actors and implement appropriate mitigation measures. CISA added the 1,000th vulnerability to the KEV list three weeks ago, and it has quickly become the go-to source for information on the most troubling vulnerabilities being exploited by a wide range of hackers. To date, RVWP has notified organizations of more than 800 vulnerable systems that have vulnerabilities accessible from the Internet and which are often associated with malware campaigns. The RVWP was created as part of the implementation of the Cyber ​​Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. CISA Director Jen Easterly said the new incident reporting rules will allow government officials to better understand how their actions impact the number of malware attacks faced by U.S. organizations.
1697320217
#CISA #Discloses #Ransomware #Data #Alerts

Leave a Replay