
CISA Directs Agencies to Patch 17 New Actively Exploited Cyber Vulnerabilities


The Cybersecurity and Infrastructure Security Agency has added 17 new entries to its list of actively exploited cyber vulnerabilities.

CISA’s Known Exploited Vulnerabilities Catalog includes software flaws that have previously been abused and are required to be patched by federal civilian agencies, Bleeping Computer reported.

The agency published the catalog’s first entries on Nov. 3, 2021, as part of Binding Operational Directive 22-01, which legally compels agencies to protect government information and information systems.

CISA issued the binding operational directive in response to “persistent and increasingly sophisticated malicious cyber campaigns” that threaten the private and public sectors, according to the DHS website.

In 2021, U.S. organizations faced a series of high-profile cyber incidents such as the SolarWinds Orion hack that compromised government networks as well as the ransomware attack on oil pipeline operator Colonial Pipeline.

In a Nov. 3 announcement, the Department of Homeland Security said the directive applies to all federal information software and hardware, including those managed by government contractors.

The 17 new entries include flaws that allow hackers to steal credentials, access networks, execute commands remotely, embed malware or steal information.

Ten of the vulnerabilities are required to be patched within the first week of February. Agencies have until the second half of July to patch the remaining seven.

According to the Nov. 3 directive, agencies are also required to provide CISA with a copy of the changes they make to their vulnerability management policies and procedures.
