Monitor changes on KEV list to secure your team

August 8, 2024
1 min read


TLDR:

  • Monitoring the Known Exploited Vulnerabilities (KEV) list can help security teams prioritize patching.
  • Silent changes to already-documented flaws can indicate shifts in severity.

Organizations using the KEV catalog to prioritize patching should pay attention to silent changes in the list that could signal shifts in a vulnerability’s severity. The catalog, managed by the Cybersecurity and Infrastructure Security Agency (CISA), tracks vulnerabilities known to have been exploited in the wild. While the list does not rank the severity of issues, specific changes such as shorter remediation times and updates on ransomware status can provide valuable information for security teams. Glenn Thorpe of GreyNoise Intelligence emphasizes the importance of monitoring these changes, as they can help organizations focus on critical vulnerabilities.

The KEV catalog has evolved over the years, with a surge in exploited vulnerabilities during the Russia-Ukraine conflict and changes in CISA’s policies on prioritizing vulnerabilities. Thorpe notes that large software platforms like Microsoft, Apple, Cisco, Adobe, and Google are often targeted by cyberattackers, highlighting the need for organizations to patch vulnerabilities promptly. Additionally, changes in how CISA handles KEV-catalog announcements, such as setting shorter remediation deadlines and Friday updates, can provide insights into the agency’s priorities.

Security teams should pay close attention to updates in the KEV list, especially changes to ransomware usage flags, due dates for fixing vulnerabilities, and policy changes inferred from how CISA updates the catalog. By staying vigilant and monitoring these key elements, organizations can effectively prioritize patching efforts and enhance their overall security posture.


Latest from Blog

Top 20 Linux Admin Tools for 2024

TLDR: Top Linux Admin Tools in 2024 Key points: Linux admin tools streamline system configurations, performance monitoring, and security management. Popular Linux admin tools include Webmin, Puppet, Zabbix, Nagios, and Ansible. Summary

Bogus job tempts aerospace, energy workers

TLDR: A North Korean cyberespionage group is posing as job recruiters to target employees in aerospace and energy sectors. Mandiant reports that the group uses fake job descriptions stored in malicious archives