FYSA
CISA has released (TLP:WHITE) Current Activity: CISA Adds Five Known Exploited
Vulnerabilities to
Catalog<https://us-cert.cisa.gov/ncas/current-activity/2021/12/01/cisa-adds-five-known-exploited-vulnerabilities-catalog>.
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities
Catalog<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>, based on
evidence that threat actors are actively exploiting the vulnerabilities listed
in the CA. These types of vulnerabilities are a frequent attack vector for
malicious cyber actors of all types and pose significant risks.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of
Known Exploited Vulnerabilities<https://cyber.dhs.gov/bod/22-01> established
the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that
pose significant risk to the federal enterprise.
CISA Recommendations:
* Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all
organizations to reduce their exposure to cyberattacks by prioritizing timely
remediation of Catalog
vulnerabilities<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>
as part of their vulnerability management practice.
We kindly request any questions or feedback related to this product be reported
to CISA at https://us-cert.cisa.gov/report, ;
Central@xxxxxxxxxxxx<mailto:Central@xxxxxxxxxxxx>, or 888-282-0870.
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse@xxxxxxxxxxxx<mailto:theresa.masse@xxxxxxxxxxxx>
[cid:image007.png@01D7E6A0.12941750]