CERT-In recommends faster remediation for known exploited n-day vulnerabilities affecting internet-facing or crown-jewel systems, using a 12-hour window where feasible. The guidance applies to bugs already known to be exploited and exposed through public-facing services or critical assets. For other flaws, including critical vulnerabilities with CVSS 9.0 or higher affecting internal systems, or known exploited bugs limited to internal systems, defenders can use a 24-hour window. The updated guidance is intended to improve protection against AI-assisted cyberattacks. AI-assisted exploitation can reduce the time needed to identify, weaponize, and exploit vulnerabilities, exposed services, weak identities, insecure APIs, and misconfigured systems. Increased reliance on interconnected digital infrastructure, cloud ecosystems, software supply chains, operational technologies, and AI-enabled platforms raises the potential impact across sectors.
"CERT-In says defenders should endevor to patch or mitigate exploited n-day vulnerabilities within 12 hours as the cybercrime landscape continues its AI-ification. The organization's recommended half-day window applies only to bugs that affect internet-facing or "crown jewel" systems and are known to be exploited. In these cases, CERT-In told defenders to "patch, mitigate, or remove exposure within 12 hours where feasible.""
"For other flaws, such as a standard critical vulnerability (CVSS 9.0 or higher) affecting an internal system, or a known exploited bug affecting an internal system, defenders can enjoy a much more leisurely 24-hour window. The revised suggestions come as part of a new guide released by CERT-In this week to help infosec pros better protect against AI-assisted cyberattacks."
""AI-assisted cyber exploitation reduces the time required for adversaries to identify, weaponize, and exploit vulnerabilities, exposed services, weak identities, insecure APIs, and misconfigured systems," CERT-In's report reads. "As organizations become increasingly dependent on interconnected digital infrastructure, cloud ecosystems, software supply chains, operational technologies, and AI-enabled platforms, the potential impact of AI-enabled cyber threats continues to increase across sectors.""
Read at theregister
Unable to calculate read time
Collection
[
|
...
]