CISA’s 2024 KEV Catalog Update: Insights on Vulnerabilities and Emerging Trends

Published:

spot_img

2024 Update: Expansion of CISA’s Known Exploited Vulnerabilities (KEV) Catalog

CISA Expands Cybersecurity Catalog Amid Rising Threats

In a proactive move to bolster national cybersecurity, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, adding 185 new vulnerabilities in 2024. This brings the total to 1,238 software and hardware flaws that are actively targeted by cybercriminals, posing significant risks to critical infrastructure and data security across various sectors.

Launched in November 2021, the KEV catalog has seen a steady increase in entries, reflecting the persistent threat of cyberattacks. While the number of new vulnerabilities added this year is slightly lower than the previous year, the catalog continues to include a mix of recent and older vulnerabilities, some dating back to 2002. Notably, vulnerabilities like CVE-2012-4792, a flaw in Microsoft Internet Explorer, remain actively exploited, underscoring the importance of addressing both new and legacy vulnerabilities.

Among the newly added vulnerabilities, OS Command Injection (CWE-78) emerged as the most common, appearing in 14 entries. This type of vulnerability allows attackers to execute unauthorized commands on a system, potentially leading to severe breaches. Other prevalent weaknesses include Deserialization of Untrusted Data (CWE-502) and Use After Free (CWE-416), highlighting the diverse nature of threats facing organizations today.

Microsoft continues to lead the list of vendors with vulnerabilities, accounting for 36 entries in 2024, followed by Ivanti with 11. The presence of vulnerabilities across major companies like Google, Adobe, and Apple illustrates the widespread nature of cybersecurity challenges.

As cyber threats evolve, CISA’s KEV catalog serves as a crucial resource for IT security teams, emphasizing the need for vigilance and proactive measures to safeguard against potential exploits.

spot_img

Related articles

Recent articles

Ethiopia and Italy Unveil €1.7 Million Project to Enhance Resilience and Preserve Heritage in Tigray’s Wukro-Gheralta Region

Innovative Partnership for Cultural Resilience in Ethiopia Introduction of a Groundbreaking Initiative In a significant move aimed at enhancing community resilience, the Ministry of Finance (MoF)...

2025’s Top 10 Dark Web Monitoring Tools

Navigating Dark Web Monitoring: Top Tools for Cybersecurity in 2025 In today's digital landscape, where cyber threats are increasingly sophisticated, protecting sensitive information has never...

UAE Launches Comprehensive Work Bundle for Domestic Worker Visas and Services

UAE Expands Work Bundle to Enhance Domestic Worker Services The United Arab Emirates has recently expanded its unified government services platform, known as Work Bundle,...

Australia Enhances Cybersecurity for Critical Infrastructure with ‘CI Fortify’ Initiative

Australia Launches CI Fortify to Bolster Cybersecurity for Critical Infrastructure As cyber threats continue to escalate in Australia, the introduction of CI Fortify marks a...