New level of transparency: CISA discloses ransomware data in its notifications
CISA came up with something new regarding malware.
The leading US cybersecurity agency has announced plans to add a section on malware groups to its list of vulnerabilities being exploited by hackers.
Officials of the Cybersecurity and Infrastructure Security Agency (CISA) is the agency responsible for protecting U.S. critical infrastructure from cyber threats. It monitors and analyzes threats, develops security recommendations, and provides technical and information support to organizations in this industry.CISA also partners with other government agencies and the private sector to improve cybersecurity in the country.
” data-html=”true” data-original-title=”CISA”>CISA) said that all organizations will now have access to information about which vulnerabilities are commonly associated with malware attacks through their Known Exploitable Vulnerabilities (KEV) directory. .
Previously, this information was only provided through CISA’s Malware Vulnerability Alert Pilot Program (RVWP). Under this program, CISA identified organizations with Internet-accessible vulnerabilities that were often associated with known malware actors.
Sandra Radesky, CISA’s deputy director of vulnerability management, and Gabrielle Davis, chief risk advisor, said the KEV directory will now include a “Known to use malware in campaigns” column.
In addition, CISA has developed a second new RVWP resource that serves as an additional list of misconfigurations and weaknesses known to be used in malware campaigns. This list will help organizations quickly identify services that are known to be used by threat actors and implement appropriate mitigation measures.
CISA has added the 1000th Vulnerability – a flaw in a computer system, the use of which can lead to a violation of the integrity of the system and incorrect operation. Vulnerabilities arise as a result of programming errors, flaws in the system design, weak passwords, malware, script and SQL injections.
The vulnerability allows an attacker to disrupt the correct operation of the application, for example, by injecting data in an unplanned way; execute a command on the system on which the application is running; or, using an omission that allows memory access to execute code at the program’s privilege level. Writing data to a buffer without checking its boundaries leads to a buffer overflow and, as a result, arbitrary code is executed. This is also a vulnerability. Insufficient validation of user input results in a vulnerability that allows direct SQL execution (SQL injection).
” data-html=”true” data-original-title=”Vulnerability”>vulnerability was added to the KEV list three weeks ago, and it has quickly become the go-to source for information on the most troubling vulnerabilities being exploited by a wide range of hackers.
To date, RVWP has notified organizations of more than 800 vulnerable systems that have vulnerabilities accessible from the Internet and which are often associated with malware campaigns.
The RVWP was created as part of the implementation of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. CISA Director Jen Easterly said the new incident reporting rules will allow government officials to better understand how their actions impact the number of malware attacks faced by U.S. organizations.
