CISOs advised to push for immediate patching: CISA has advised immediate federal and civilian patching of the flaw. For Federal Civilian Executive Branch (FCEB) agencies, the US cybersecurity watchdog has stipulated a patching deadline of April 19, 2025, in accordance with the BOD 22-01 directive. “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable,” CISA said in the KEV update. Although NAKIVO’s advisory does not mention in-the-wild activity, the vendor clearly urged admins to upgrade to the secure version immediately. Apart from patching, the advisory recommended reviewing access logs and enhancing network security through segmentation and robust firewalling as additional mitigation steps.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3851481/cisa-marks-nakivos-critical-backup-vulnerability-as-actively-exploited.html