Does CISA's KEV Catalog Speed Up Remediation?

Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough. [TechWeb]( Follow Dark Reading: [RSS]( May 08, 2024 LATEST SECURITY NEWS & COMMENTARY [Does CISA's KEV Catalog Speed Up Remediation?]( Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough. [Chinese Hackers Deployed Backdoor Quintet to Down MITRE]( MITRE's hackers made use of at least five different Web shells and backdoors as part of their attack chain. [City of Wichita Public Services Disrupted After Ransomware Attack]( The city was forced to shut down its IT networks and continues to investigate a major cyber incident that happened over the weekend. [What's the Future Path for CISOs?]( A panel of former CISOs will lead the closing session of this week's RSA Conference to discuss challenges and opportunities. [Feds: Reducing AI Risks Requires Visibility & Better Planning]( While attackers have targeted AI systems, failures in AI design and implementation are far more likely to cause headaches, so companies need to prepare. [Spies Among Us: Insider Threats in Open Source Environments]( Does the open source ecosystem needs stricter security around contributors? [Wiz Announces $1B Funding Round, Plans More M&A]( Much of the funding will be used for product development and talent acquisition to cover more ground as the cybersecurity industry continues to evolve. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [AT&T Splits Cybersecurity Services Business, Launches LevelBlue]( The new company will focus on cybersecurity services as a top 10 managed security service provider, but must expand outside the low-margin management of security into detection and response. [The Psychological Underpinnings of Modern Hacking Techniques]( The tactics employed by hackers today aren't new; they're simply adapted for the digital age, exploiting the same human weaknesses that have always existed. [Blinken: Digital Solidarity Is 'North Star' for US Policy]( The four goals of the US International Cyberspace and Digital Policy Strategy are to advance economic prosperity; enhance security and combat cybercrime; promote human rights, democracy, and the rule of law; and address other transnational challenges. [LLMs & Malicious Code Injections: 'We Have to Assume It's Coming']( Large language models promise to enhance secure software development life cycles, but there are unintended risks as well, CISO warns at RSAC. [MORE]( PRODUCTS & RELEASES [AttackIQ Partners With Cyber Poverty Line Institute to Provide Academy Courses to Underserved Communities]( [BigID Launches Hybrid Scanning for Cloud Native Workloads]( [Introducing the NetBeacon Institute: Empowering a Safer Web]( [AXA XL Introduces Endorsement to Help Public Companies Address SEC Cyber Reporting Costs]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway]( The flaw was nearly identical to last year's CitrixBleed flaw, though not as severe. LATEST FROM THE EDGE [Name That Edge Toon: Puppet Master]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Microsoft Previews Feature to Block Malicious OAuth Apps]( Microsoft is previewing new AI and machine learning capabilities in Defender XDR that will help detect and block malicious OAuth applications. LATEST FROM DR GLOBAL [LockBit Honcho Faces Sanctions, With Aussie Org Ramifications]( Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev. WEBINARS - [Assessing Software Supply Chain Risk]( - [Finding Your Way on the Path to Zero Trust]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Shining a light in the dark: observability and security, a SANS profile]( - [Shining a light in the dark: observability and security, a SANS profile]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [2023 Global Threat Report]( - [A Short Primer on Container Scanning]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( [View More White Papers >>]( FEATURED REPORTS - [2023 Global Threat Report]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [Zero-Trust Adoption Driven by Data Protection]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123318&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.08.24&sp_cid=53375&utm_content=DR_NL_Dark%20Reading%20Daily_05.08.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#a0 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)