CISA Adds 75 Flaws to Known Vulnerability Catalog in 3 Days
The U.S. Cybersecurity and Infrastructure Security Agency added 75 flaws to its catalog of known exploited software vulnerabilities. The vulnerabilities were disclosed as part of three separate batches on three consecutive days - it released batches of 21, 20 and 34 vulnerabilities on Monday, Tuesday and Wednesday respectively.
The known exploited vulnerability catalog requires federal civilian agencies to patch vulnerabilities known to be actively exploited in the wild.
Experts say that a "significant" number of the listed vulnerabilities are old flaws - some dating back a decade. "Most of these are several years old at the minimum and some even go back 12 years. It's curious that known vulnerabilities published by NIST over a decade ago are only just now being added to the CISA catalog," says Matthew Gribben, independent cybersecurity expert and former GCHQ cybersecurity consultant.