Ransomware, Vulnerability Management, Malware

CISA to deploy automated vulnerability warning program by year end

The Cybersecurity and Infrastructure Security Agency (CISA) emblem is seen at its headquarters in Arlington, Va.

Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that the agency's automated vulnerability warning program will be ready for full deployment by the end of the year, according to CyberScoop.

More than 2,000 warnings regarding software flaws actively targeted by ransomware gangs have already been provided by the software to nearly 7,000 organizations since being piloted in January 2023 under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, said Easterly at an Institute for Security and Technology-hosted event.

"The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched," Easterly noted.

While alerts will be given to organizations that have already shown interest in the agency's cyber hygiene scanning tool, Easterly said that CISA could also warn entities that have appeared on Shodan and other internet-scanning services.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.