Total Tests:

CISA, FBI Name the Most Exploited Vulnerabilities Over the Past Year

By Jai Vijayan for Dark Reading
Thursday, July 29, 2021

Four flaws in a near-obsolete file transfer appliance from enterprise firewall company Accellion have been another popular attacker target in 2021. The flaws, which were being actively attacked before patches became available for them, have resulted in data breaches at numerous Accellion customers, including Qualys, Kroger, Jones Day, Singapore Telecommunications, and the Reserve Bank of New Zealand.

The CVE list highlights several attacker trends, says Ilia Kolochenko, founder of ImmuniWeb.

"First, cybercriminals mostly target critical-risk vulnerabilities that [enable] full access to the vulnerable system," he says. "Second, they exploit both newly disclosed vulnerabilities, while unprepared companies remain unpatched, and pretty old ones … that are still exploitable due to persistent shadow IT or poor IT asset inventory."

Finally, most of the targeted software vendors are used by large enterprises, suggesting that cybercriminals are looking for big fish, Kolochenko says. Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential