CISA KEV Blogs

Read about the latest news and updates from the cybersecurity ecosystem.

linkedin

Posted on Jun 29, 2022 5 minutes

MITRE Mapping of CISA KEVs and its Challenges

This blog brings talks about the challenges that exist in mapping CWEs to CAPEC using MITRE and ATT&CK

MITRE CISA KEVs
Read More

CSW Research Team

Posted on May 25, 2022

CVE-2022-22972: DHS CISA Directs Federal Agencies to Take Immediate Action Against VMware Bugs

The U.S. Cybersecurity and Infrastructure Agency issued an emergency security directive over VMware vulnerabilities, which threat actors are likely to exploit.

Read More

Pavithra Shankar

Posted on Mar 2, 2022 | Updated on July 6, 2022 5 minutes

Latency Analysis of DHS CISA KEVs

In this blog, CSW experts analyzed CISA’s Known Exploited Vulnerabilities (KEV) list for latencies in publishing, exploiting, and patching to understand how fast attackers are weaponizing them for attacks.

DHS CISA Zero Days Patch Latency Exploit Latency CISA KEVs
Read More

Priya Ravindran, Sumeetha Manikandan

Posted on Mar 2, 2022 | Updated on March 01, 2023 3 minutes

Top Scanners Fail to Flag DHS CISA-warned Known Exploited Vulnerabilities (KEV)

We looked into the DHS CISA KEV catalog one step further and found that 59 actively known exploited CVEs were missed by top scanners such as Nessus, Nexpose, and Qualys. Click here to know more!

DHS CISA APT Groups Qualys Nexpose Nessus Ransomware CISA KEVs
Read More

Pavithra Shankar, Priya Ravindran

Posted on Jan 4, 2022 5 minutes

Top 5 Affected Products in CISA’s Catalog of Known Exploited Vulnerabilities (KEV)  

Our researchers analyzed CISA’s catalog of Known Exploited Vulnerabilities (KEV) to study the most affected products by number of vulnerabilities. Read on to learn more about their analysis.

CISA KEVs
Read More

Surojoy Gupta

Posted on Dec 6, 2021 5 minutes

Top Affected Vendors according to CISA’s Catalog of Known Exploited Vulnerabilities (KEV)

While all vulnerabilities listed by CISA are critical and should be prioritized for patching, five vendors stand out from the rest with the most number of CVEs associated with their products. In this blog, we have taken a detailed look at top five vendors and the vulnerabilities that plague them.

CISA KEVs
Read More

Surojoy Gupta

Posted on Nov 22, 2021 | Updated on March 01, 2023 5 minutes

CISA Releases a Directive Asking Organizations to Patch Known Exploited Vulnerabilities

The DHS Cybersecurity and Infrastructure Security Agency (CISA) released a directive with a list of 887 known and exploited vulnerabilities that public sector entities and organizations need to patch immediately!

DHS CISA Patching Deadline APT Groups Ransomware Patch Latency Exploit Latency CISA KEVs
Read More

Surojoy Gupta, Priya Ravindran, Pavithra Shankar

Categories

Advisory

CISA KEV

Cloud Security

Cyber Risk

Ransomware

Technology

Vulnerabilities

Zero Days

Tags

Vice Society

DHS CISA

Patching Deadline

MITRE

Storage

VPN

Weekly Threat Intelligence

Healthcare

APT Groups

Spring4Shell

UNC1151

Wizard Spider

Nobelium

Gamaredon

Conti

IoCs

Qualys

Nexpose

Nessus

Ransomware

Malware

Cyberwar

Zero Days

Patch Latency

Exploit Latency

Cloud Security

CISA KEVs

#Ransomware

Ransomware Spotlight Report 2021

Ransomware Index Update 2021 Q1

#COVID Resources

Cyber Risk in Remote Working

Cyber Risk in Online Conferencing