For the third year in a row, cybercriminals employed vulnerabilities in Microsoft products far more so than security flaws in any other technology, new data for 2019 shows.
Eight out of the 10 most exploited vulnerabilities in 2019 in fact impacted Microsoft products. The other two—including the most exploited flaw—involved Adobe Flash Player, the previous top attacker favorite, according to analysis by Recorded Future.
Like it has done for past several years, Recorded Future analyzed data gathered from vulnerability databases and other sources to try and identify the vulnerabilities that were most used in phishing attacks, exploit kits, and remote access Trojans.
The threat intelligence firm considered data on some 12,000 vulnerabilities that were reported and rated through the Common Vulnerabilities and Exposure (CVE) system last year. Vulnerabilities related to nation-state exploits were specifically excluded from the list because such flaws are not typically offered for sale or even mentioned much on underground forums, according to Recorded Future.
The 2019 analysis showed a continued—and unsurprising—preference among cybercriminals for flaws impacting Microsoft software.
The most exploited vulnerability in 2019 itself was CVE-2018-15982, a so-called use-after-free issue impacting Adobe Flash Player 31.0.0.153 and earlier, and 31.0.0.108 and earlier. Exploits for the remote code execution flaw was distributed widely through at least ten exploits kits including RIG, Grandsoft, UnderMiner, and two newcomers, Capesand and Spelevo. But this vulnerability, and another use-after-free issue impacting multiple Adobe Flash Player versions (CVE-2018-4878), were the only ones in Recorded Future's top 10 list unrelated t ..
Support the originator by clicking the read the rest link below.
