CISA Orders Federal Agencies to Patch Nearly 300 Flaws Under Wide-Ranging Directive
Groove ransomware gang is a fake, BlackMatter gang seemingly disbands, Facebook to end facial recognition, Iran-linked Black Shadow group leaks data from Israeli medical institute, much more
In one of the widest-reaching cybersecurity mandates for federal agencies ever issued, the Cybersecurity and Infrastructure Security Agency (CISA) released its Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to drive what it says is urgent and prioritized remediation of vulnerabilities that adversaries are actively exploiting.
The directive establishes a CISA-managed catalog of known exploited vulnerabilities and requires federal civilian agencies to remediate or patch such vulnerabilities within specific timeframes. It encompasses 200 known security flaws identified by cybersecurity professionals between 2017 and 2020, plus 90 discovered in 2021 alone, that malicious hackers have used. (Dustin Volz / Wall Street Journal)