Aktuelles
What CISA’s reveal about new known exploited vulnerabilities mean for businesses - Netwrix cybersecurity expert comments
March 2025 by Dirk Schrader, VP of security research and field CISO EMEA at Netwrix
This Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five newly discovered known exploited vulnerabilities (KEV) to its list.[1] The security flaws impact software from Cisco, Hitachi Vantara, and Microsoft Windows, among others.
Dirk Schrader, VP of security research and field CISO EMEA at Netwrix offers the following comments on what businesses need to do in order to remain protected in the face of these new security threats:
"CISA’s KEV list is a valuable resource for IT teams prioritising patching and vulnerability management. However, small and medium-sized enterprises (SMEs) often struggle to take full advantage of it. Many lack comprehensive visibility into their IT environments, especially when users have administrative privileges that allow them to install software or introduce new hardware without proper documentation. Without a clear understanding of their infrastructure, IT teams may not even realise they are affected by newly disclosed KEVs. Establishing a strong baseline—mapping IT assets, monitoring privileged identities, and tracking sensitive data—is essential for SMEs to make KEV disclosures actionable."
