Carding 4 Carders
Professional
- Messages
- 2,724
- Reaction score
- 1,588
- Points
- 113
CISA came up with something new about malware.
A leading US cybersecurity agency has announced plans to add a section dedicated to groups using malware to its list of vulnerabilities exploited by hackers.
Officials from the Cybersecurity and Infrastructure Protection Agency (CISA) said that all organizations will now have access to information about which vulnerabilities are often associated with malware attacks through their catalog of known exploited vulnerabilities (KEV).
Previously, this information was provided only through the CISA Malware Vulnerability Warning Pilot Program (RVWP). Under this program, CISA identified organizations with Internet-accessible vulnerabilities that were often associated with known malware actors.
Sandra Radeski, CISA's Deputy Director of Vulnerability Management, and Gabrielle Davis, Chief Risk Advisor, said that the KEV catalog will now have a column titled "Known to use malware in campaigns."
In addition, CISA has developed a second new RVWP resource, which serves as an additional list of misconfigurations and weaknesses known to be used in malware campaigns. This list will help organizations quickly identify services that are known to be used by threat actors and implement appropriate measures to eliminate threats.
CISA added the 1,000 th vulnerability to the KEV list three weeks ago, and it quickly became the main source of information about the most worrying vulnerabilities used by a wide range of hackers.
So far, RVWP has notified organizations of more than 800 vulnerable systems that have vulnerabilities that are accessible from the Internet and that are often associated with malware campaigns.
RVWP was created as part of the implementation of the Critical Infrastructure Cyber Incident Reporting Act (CIRCIA) 2022. CISA director Jen Easterly said the new incident reporting rules will allow government officials to better understand how their actions affect the number of malware attacks that U.S. organizations face.
A leading US cybersecurity agency has announced plans to add a section dedicated to groups using malware to its list of vulnerabilities exploited by hackers.
Officials from the Cybersecurity and Infrastructure Protection Agency (CISA) said that all organizations will now have access to information about which vulnerabilities are often associated with malware attacks through their catalog of known exploited vulnerabilities (KEV).
Previously, this information was provided only through the CISA Malware Vulnerability Warning Pilot Program (RVWP). Under this program, CISA identified organizations with Internet-accessible vulnerabilities that were often associated with known malware actors.
Sandra Radeski, CISA's Deputy Director of Vulnerability Management, and Gabrielle Davis, Chief Risk Advisor, said that the KEV catalog will now have a column titled "Known to use malware in campaigns."
In addition, CISA has developed a second new RVWP resource, which serves as an additional list of misconfigurations and weaknesses known to be used in malware campaigns. This list will help organizations quickly identify services that are known to be used by threat actors and implement appropriate measures to eliminate threats.
CISA added the 1,000 th vulnerability to the KEV list three weeks ago, and it quickly became the main source of information about the most worrying vulnerabilities used by a wide range of hackers.
So far, RVWP has notified organizations of more than 800 vulnerable systems that have vulnerabilities that are accessible from the Internet and that are often associated with malware campaigns.
RVWP was created as part of the implementation of the Critical Infrastructure Cyber Incident Reporting Act (CIRCIA) 2022. CISA director Jen Easterly said the new incident reporting rules will allow government officials to better understand how their actions affect the number of malware attacks that U.S. organizations face.
