Summary:
Unpatched known security vulnerabilities are the main gateway for attackers.
Forgotten endpoints are ripe targets.
Automation and data-science are important assets for helping to prioritize threat and vulnerability patching efforts.
A Worldwide Treasure Hunt
Geocaching is a worldwide hobby where players use their phone or a GPS device to hunt down small containers, often while hiking or exploring city streets. Starting with the GPS coordinates of the box, you have to find the location of the cache. Once in the right location, you have to observe details to try and find the container. It might be hidden in plain sight in a false magnetic bolt, hung on a tree branch or under a rock. Searching for geocaches is a great hobby that makes you look at your environment from a different angle. The location you’ve passed hundreds of times might actually hold a geocache! And with millions hidden worldwide, odds are good that wherever you go, there is a cache there.
What makes this hobby easier is that you know for sure there’s a cache waiting for you in a certain area. If you had no GPS coordinates and had to search blindly, finding a geocache would be almost impossible. Let’s talk now about a different type of location-based treasure hunt, this time used with criminal intent: hacking.
Known Security Vulnerabilities: Open Gateways to the Infrastructure
Your sensitive data is like a hidden geocache for a threat actor. Their goal is to get inside corporate networks to extract the data or cause disruptions in the service. Instead of plastic containers, they are looking for vulnerabilities: known security flaws in operating systems, outdated software, security misconfigurations or web application vulnerabilities, among others. Threats and vulnerabilities are disclo ..
Support the originator by clicking the read the rest link below.
