The U.S. federal government’s Cybersecurity and Infrastructure Security Agency (CISA) urged civilian agencies to address 9 known vulnerabilities in the next 2 weeks. At least one vulnerability is associated with recent successful attacks
The Media Trust CEO Chris Olson said the vulnerability’s alleged use in the recent attack on Ukraine explains the software’s inclusion on the list, but he noted that its inclusion highlights “an alarming growth in web-based cyberattacks and the role they will play in global cyber warfare.”
“Little attention is paid to the Web as an attack surface. While organizations across the public and private sector are increasingly aware of cyber risk, the stack of third-party code used in Web development rarely meets the standards for AppSec that those organizations would demand from any of their IT systems,” Olson said.