TeamT5 acknowledges the recent updates by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) Catalog, which highlights vulnerabilities that have been seen exploited in the wild by malicious actors and underscores the importance of effective remediation and ongoing vigilance within the cybersecurity ecosystem.
We would like to clarify our position and provide accurate context regarding the historical vulnerability referenced in the KEV Catalog and related reporting:
1. Historical Vulnerability Identified and Fully Remediated
The vulnerability referenced in the KEV Catalog and in related media reports pertains to an issue identified in 2024 within our ThreatSonar Anti-Ransomware product.
- The vulnerability was proactively discovered by TeamT5’s Product Security Incident Response Team (PSIRT) during internal security reviews.
- Upon discovery, TeamT5 immediately developed and released a patch, and we proactively assisted all affected customers with updating to the remediated version.
- All impacted customers have since migrated off the vulnerable versions; no customer systems remain in service with the affected release.
A public advisory was issued by TeamT5 in July 2024 with full details about the vulnerability and patch guidance.
2. Strengthening Security Posture and Resilience
In direct response to this and similar industry risk signals such as those highlighted in recent CISA KEV updates, TeamT5 has invested significantly in strengthening our security practices:
- Enhancing our secure software development lifecycle and product security controls.
- Formalizing and standardizing internal incident response and vulnerability management processes.
- Engaging independent third-party security teams for red team exercises and external validation of our security defenses.
These investments reaffirm our commitment to industry best practices and customer protection.
3. Ongoing Monitoring and Threat Detection
TeamT5 maintains continuous monitoring of threats and exploitation activity impacting our products and the broader cybersecurity landscape. Our security and threat intelligence teams remain alert to emerging risks and stand ready to respond quickly with mitigations and customer support when needed.
4. Commitment to Community and Transparency
We support initiatives like the CISA KEV Catalog as an important resource for helping organizations prioritize remediation of vulnerabilities exploited in the wild. TeamT5 continues to collaborate with the cybersecurity community, share information responsibly, and ensure our customers are informed and protected.