CISA’s 2024 KEV Catalog Update: Insights on Vulnerabilities and Emerging Trends

Published:

spot_img

2024 Update: Expansion of CISA’s Known Exploited Vulnerabilities (KEV) Catalog

CISA Expands Cybersecurity Catalog Amid Rising Threats

In a proactive move to bolster national cybersecurity, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, adding 185 new vulnerabilities in 2024. This brings the total to 1,238 software and hardware flaws that are actively targeted by cybercriminals, posing significant risks to critical infrastructure and data security across various sectors.

Launched in November 2021, the KEV catalog has seen a steady increase in entries, reflecting the persistent threat of cyberattacks. While the number of new vulnerabilities added this year is slightly lower than the previous year, the catalog continues to include a mix of recent and older vulnerabilities, some dating back to 2002. Notably, vulnerabilities like CVE-2012-4792, a flaw in Microsoft Internet Explorer, remain actively exploited, underscoring the importance of addressing both new and legacy vulnerabilities.

Among the newly added vulnerabilities, OS Command Injection (CWE-78) emerged as the most common, appearing in 14 entries. This type of vulnerability allows attackers to execute unauthorized commands on a system, potentially leading to severe breaches. Other prevalent weaknesses include Deserialization of Untrusted Data (CWE-502) and Use After Free (CWE-416), highlighting the diverse nature of threats facing organizations today.

Microsoft continues to lead the list of vendors with vulnerabilities, accounting for 36 entries in 2024, followed by Ivanti with 11. The presence of vulnerabilities across major companies like Google, Adobe, and Apple illustrates the widespread nature of cybersecurity challenges.

As cyber threats evolve, CISA’s KEV catalog serves as a crucial resource for IT security teams, emphasizing the need for vigilance and proactive measures to safeguard against potential exploits.

spot_img

Related articles

Recent articles

US Treasury Strengthens Ransomware Sanctions Against VPN Provider and Malware Service

U.S. Treasury Strengthens Ransomware Sanctions Against VPN Provider and Malware Service The U.S. Treasury Department has taken significant steps to combat ransomware by imposing new...

Russia’s FSB Blamed for Poland’s Grid Attack as UK and EU Launch Coordinated Cyber Sanctions

Russia's FSB Blamed for Poland's Grid Attack as UK and EU Launch Coordinated Cyber Sanctions A significant cyberattack last winter, which nearly disrupted heating for...

Attackers Exploit Spoofed OAuth Client IDs to Stealthily Enumerate Credentials at Scale

Attackers Exploit Spoofed OAuth Client IDs to Stealthily Enumerate Credentials at Scale Recent investigations by cybersecurity researchers have unveiled a series of sophisticated campaigns where...

AI Management Emerges as a Crucial Priority Over Development, Asserts UiPath Executive

AI Management Emerges as a Crucial Priority Over Development, Asserts UiPath Executive As organizations in the UAE and Saudi Arabia advance in their artificial intelligence...