The US Cybersecurity and Infrastructure Security Agency (CISA) announced an update to its known exploited vulnerabilities (KEV) catalog, which will now list information about which vulnerabilities are commonly associated with ransomware campaigns.
Previously, the information about security weaknesses used by ransomware actors was available through CISA’s Ransomware Vulnerability Warning Pilot (RVWP) established in January 2023.
The agency has also developed a second new RVWP resource that serves as a companion list of misconfigurations and weaknesses known to be used in ransomware campaigns.
“This list will guide organizations to quickly identify services known to be used by ransomware threat actors so they can implement mitigations or compensating controls,” CISA said.
Earlier this month, the FBI and CISA released a security advisory detailing known Indicators of Compromise (IoCs), Tactics, Techniques and Procedures (TTPs), and detection methods associated with the AvosLocker ransomware.
