Threat Management, Vulnerability Management

Nearly 900 flaws listed in CISA vulnerability catalog

Security flaws included in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog totaled 868 by the end of 2022, 557 of which were added last year, reports SecurityWeek. VulnCheck researchers discovered that a 2022 CVE identifier was given to 93 of the vulnerabilities added last year, 22 of which had their own names, including ProxyNotShell, EternalBlue, Heartbleed, and Dirty Pipe. Most of the flaws added to CISA's KEV catalog last year impacted operating systems and Internet of Things products, with exploitation primarily led by advanced persistent threat groups, ransomware operations, and botnets. "The KEV Catalog isn't an early warning system, but warning everyone about exploitation in the wild within a week of the first public exploit or exploitation details at a 52% rate is very respectable. Of course, that doesn't tell the full story. There are a whole bunch of vulnerabilities published in 2022 that are known to have been exploited and aren't on the CISA KEV list," said VulnCheck.
