[SECURITY-L] CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware

CSIRT Unicamp security at unicamp.br
Monday October 16 09:26:21 -03 2023


Dear all, good morning.

I am forwarding useful information that CISA (Cybersecurity and Infrastructure
Security Agency) is publishing with the aim of improving security in general,
and especially against ransomware.

The first link is about the KEV, the "Known Exploited Vulnerabilities Catalog",
which is a regularly updated table of the most exploited vulnerabilities.

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

The second link has information on services and ports that are frequently
used as entry vectors by attackers, and on how to mitigate the problems.

https://www.cisa.gov/stopransomware/misconfigurations-and-weaknesses-known-be-used-ransomware-campaigns

And lastly, a link with the legend for understanding the actions that should
be taken in the previous link:

https://www.cisa.gov/cross-sector-cybersecurity-performance-goals

Below I forward the original message from CISA.

-------------------------
CISA Releases New Resources Identifying Known Exploited Vulnerabilities and
Misconfigurations Linked to Ransomware
<https://www.cisa.gov/news-events/alerts/2023/10/12/cisa-releases-new-resources-identifying-known-exploited-vulnerabilities-and-misconfigurations-linked>
10/12/2023 08:00 AM EDT

Today, as part of the Ransomware Vulnerability Warning Pilot (RVWP)
<https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot>,
CISA launched two new resources for combating ransomware campaigns:

   - A “Known to be Used in Ransomware Campaigns” column in the KEV Catalog
   <https://www.cisa.gov/known-exploited-vulnerabilities-catalog> that
   identifies KEVs associated with ransomware campaigns.
   - A “Misconfigurations and Weaknesses Known to be Used in Ransomware
   Campaigns” table on StopRansomware.gov
   <https://www.cisa.gov/stopransomware/misconfigurations-and-weaknesses-known-be-used-ransomware-campaigns>
   that identifies misconfigurations and weaknesses associated with ransomware
   campaigns. The table features a column that identifies the Cyber
   Performance Goal (CPG)
   <https://www.cisa.gov/cross-sector-cybersecurity-performance-goals> action
   for each misconfiguration or weakness.

These two new resources will help organizations become more cybersecure by
providing mitigations that protect against specific KEVs,
misconfigurations, and weaknesses associated with ransomware.

CISA encourages all organizations to review the blog about this RVWP effort
<https://www.cisa.gov/news-events/news/ransomware-vulnerability-warning-pilot-updates-now-one-stop-resource-known-exploited-vulnerabilities>,
as well as the new KEV catalog
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog> column and
updated StopRansomware.gov site
<https://www.cisa.gov/stopransomware/misconfigurations-and-weaknesses-known-be-used-ransomware-campaigns>
and implement applicable mitigations today.
------------------------------------

===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830