Top exploit list highlights the long tail of some vulnerabilities
Thursday, July 29, 2021
If a patch is not feasible, many of the vulnerabilities can be mitigated with workarounds or detected using indicators of compromise. Teams that struggle to keep up their patching cadence should shift to prioritize updates for vulnerabilities like these where there is evidence of active exploitation.
Ilia Kolochenko, founder of penetration testing company ImmuniWeb, said the list highlights how malicious hacking groups are gravitating towards both high-impact flaws and products with wide market reach.
“First, cybercriminals mostly target critical-risk vulnerabilities that give you full access to the vulnerable system. Second, they exploit both newly disclosed vulnerabilities, while unprepared companies remain unpatched, and pretty old ones coming from 2020 or even 2019 that are still exploitable due to persistent shadow IT or poor IT asset inventory,” said Kolochenko in a statement. “Finally, the targeted software vendors are mostly used by large enterprises (Drupal is an exception), indicating that cybercriminals are looking for a big fish.” Read Full Article
Dark Reading: CISA, FBI Name the Most Exploited Vulnerabilities Over the Past Year
Data Center Knowledge: Why CISA’s China Cyberattack Playbook Is Worthy of Your Attention