The severity of cyber-attacks has grown over the past year especially during the global pandemic. Threat actors are looking for unpatched issues or common vulnerabilities and exposures (CVEs) and are exploiting those vulnerabilities to gain initial access to a network.
According to the 2021 X-Force Threat Intelligence Index, the list of the 10 most exploited susceptibilities of 2020 was dominated by older security issues, with just two out of the top 10 being spotted in 2020. Since 1988, the number of flaws discovered each year has followed a general upward trend with 17,992 new flaws discovered in 2020.
Top 10 CVEs exploited by threat actors
IBM security X-force revealed a list of top 10 CVEs of 2020 based on how frequently threat actors exploited them. The list is based on both IBM X-Force incident response (IR) and IBM managed security services (MSS) data for 2020. Mostly, threat actors targeted common enterprise applications and open-source frameworks that many organizations use within their networks.
•CVE-2019-19871: Citrix Application Delivery Controller (ADC)
•CVE-2018-20062: NoneCMS ThinkPHP Remote Code Execution
•CVE-2006-1547: ActionForm in Apache Software Foundation (SAF) Struts
•CVE-2012-0391: ExceptionDelegator component in Apache Struts
•CVE-2014-6271: GNU Bash Command Injection
•CVE-2019-0708: ‘Bluekeep’ Microsoft Remote Desktop Services Remote Code Execution
•CVE-2020-8515: Draytek Vigor Command Injection
•CVE-2018-13382 and CVE-2018-13379: Improper Authorization and Path Traversal in Fortinet FortiOS
•CVE-2018-11776: Apache Struts Remote Code Execution
•CVE-2020-5722: HTTP: Grandstream UCM6200 SQL Injection
How to manage the flaws and shield t ..
Support the originator by clicking the read the rest link below.
