[SECURITY-L] CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware
CSIRT Unicamp
security at unicamp.br
Mon Oct 16 09:26:21 -03 2023
Dear all, good morning.
I am forwarding useful information that CISA (Cybersecurity and Infrastructure
Security Agency) is publishing with the aim of improving security
in general and, above all, against ransomware.
The first link is about the KEV, the "Known Exploited Vulnerabilities Catalog",
which is a regularly updated table of the most exploited
vulnerabilities.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
The second link has information on services and ports that are frequently
used as entry vectors by attackers, and how to mitigate the
problems.
https://www.cisa.gov/stopransomware/misconfigurations-and-weaknesses-known-be-used-ransomware-campaigns
And lastly, a link with a legend for understanding the actions that should be
taken in the previous link:
https://www.cisa.gov/cross-sector-cybersecurity-performance-goals
Below I forward the original message from CISA.
-------------------------
CISA Releases New Resources Identifying Known Exploited Vulnerabilities and
Misconfigurations Linked to Ransomware
<https://www.cisa.gov/news-events/alerts/2023/10/12/cisa-releases-new-resources-identifying-known-exploited-vulnerabilities-and-misconfigurations-linked>
10/12/2023 08:00 AM EDT
Today, as part of the Ransomware Vulnerability Warning Pilot (RVWP)
<https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot>,
CISA launched two new resources for combating ransomware campaigns:
- A “Known to be Used in Ransomware Campaigns” column in the KEV Catalog
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog> that
identifies KEVs associated with ransomware campaigns.
- A “Misconfigurations and Weaknesses Known to be Used in Ransomware
Campaigns” table on StopRansomware.gov
<https://www.cisa.gov/stopransomware/misconfigurations-and-weaknesses-known-be-used-ransomware-campaigns>
that identifies misconfigurations and weaknesses associated with ransomware
campaigns. The table features a column that identifies the Cyber
Performance Goal (CPG)
<https://www.cisa.gov/cross-sector-cybersecurity-performance-goals> action
for each misconfiguration or weakness.
These two new resources will help organizations become more cybersecure by
providing mitigations that protect against specific KEVs,
misconfigurations, and weaknesses associated with ransomware.
CISA encourages all organizations to review the blog about this RVWP effort
<https://www.cisa.gov/news-events/news/ransomware-vulnerability-warning-pilot-updates-now-one-stop-resource-known-exploited-vulnerabilities>,
as well as the new KEV catalog
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog> column and
updated StopRansomware.gov site
<https://www.cisa.gov/stopransomware/misconfigurations-and-weaknesses-known-be-used-ransomware-campaigns>
and implement applicable mitigations today.
------------------------------------
===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830