Government officials are especially vulnerable: “This vulnerability was most likely added to the KEV list due to the reported use of TeleMessage by government officials,” Thomas Richards, infrastructure security practice director at Black Duck, told CSO in a comment.

TM SGNL first made headlines in March, when senior administration officials faced backlash after Waltz mistakenly added The Atlantic’s Jeffrey Goldberg to what turned out to be a classified group chat.

Casey Ellis, founder of Bugcrowd, noted that the KEV list is being used to make sure all federal agencies are on the same page about steering clear of this software. “Given how TM Signal has been used, and the impact of successful compromise, the KEV inclusion is unsurprising to me,” Ellis said.

Federal agencies face a mandatory deadline of just three weeks to remediate any vulnerabilities flagged in the KEV catalog. While the rule doesn’t extend to the private sector, organizations across the board are strongly urged to monitor the KEV list as the go-to resource for patch prioritization.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3985565/cisa-adds-the-notorious-telemessage-flaw-to-kev-list.html