CISA, FBI Name the Most Exploited Vulnerabilities Over the Past Year
Thursday, July 29, 2021
Four flaws in a near-obsolete file transfer appliance from enterprise firewall company Accellion have been another popular attacker target in 2021. The flaws, which were being actively attacked before patches became available for them, have resulted in data breaches at numerous Accellion customers, including Qualys, Kroger, Jones Day, Singapore Telecommunications, and the Reserve Bank of New Zealand.
The CVE list highlights several attacker trends, says Ilia Kolochenko, founder of ImmuniWeb.
"First, cybercriminals mostly target critical-risk vulnerabilities that [enable] full access to the vulnerable system," he says. "Second, they exploit both newly disclosed vulnerabilities, while unprepared companies remain unpatched, and pretty old ones … that are still exploitable due to persistent shadow IT or poor IT asset inventory."
Finally, most of the targeted software vendors are used by large enterprises, suggesting that cybercriminals are looking for big fish, Kolochenko says.