Security News > 2022 > January > CISA alerts federal agencies of ancient bugs still being exploited
The U.S. Cybersecurity and Infrastructure Security Agency has updated its list of known exploited vulnerabilities with 15 new security issues that serve as a frequent attack vector against federal enterprises.
In combination with other factors such as a threat actor's foothold on the network, old and unpatched devices, and/or device exposure on the public internet, the vulnerabilities are a serious security gap and an opportunity for adversaries.
CISA compiled the new list after finding evidence that the security issues newly added to the Catalog of Known Exploited Vulnerabilities are used in ongoing attacks.
The table below shows all the vulnerabilities that CISA wants federal agencies to remediate this month to boost defenses against active threats.
Elastic Kibana Remote Code Execution Vulnerability 7/10/2022 N/A. CISA's catalog of known exploited vulnerabilities is part of the Binding Operational Directive 22-01 for reducing security risks and for better vulnerability management.
Under this directive, federal civilian agencies have to identify in their systems the security issues listed in the catalog, and to remediate them.