Major Cybersecurity Agencies Collaborate to Unveil 2022’s Most Exploited Vulnerabilities

August 4, 2023

A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022.

“In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems,” cybersecurity and intelligence agencies from the Five Eyes nations, which comprises Australia, Canada, New Zealand, the U.K., and the U.S., said in a joint alert.

The continued weaponization of CVE-2018-13379, which was also one among the most exploited bugs in 2020 and 2021, suggests a failure on the part of organizations to apply patches in a timely manner, the authorities said.

“Malicious cyber actors likely prioritize developing exploits for severe and globally prevalent CVEs,” according to the advisory. “While sophisticated actors also develop tools to exploit other vulnerabilities, developing exploits for critical, wide-spread, and publicly known vulnerabilities gives actors low-cost, high-impact tools they can use for several years.”

Cybersecurity

CVE-2018-13379 refers to a path traversal defect in the FortiOS SSL VPN web portal that could allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.

Some of other widely exploited flaws include:

“Attackers generally see the most success exploiting known vulnerabilities within the first two years of public disclosure and likely target their exploits to maximize impact, emphasizing the benefit of organizations applying security updates promptly,” the U.K.’s National Cyber Security Centre (NCSC) said.

“Timely patching reduces the effectiveness of known, exploitable vulnerabilities, possibly decreasing the pace of malicious cyber actor operations and forcing pursuit of more costly and time-consuming methods (such as developing zero-day exploits or conducting software supply chain operations),” the agencies noted.

Tags
August 4, 2023

Related Articles

Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw

September 6, 2023

Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan

December 1, 2023

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

October 5, 2023

Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies

January 15, 2022
© Copyright 2024, All Rights Reserved  |  PlanetJon
Back to top button