Articles about vulnerability

A new report into Microsoft vulnerabilities shows 2021 saw a 47 percent decrease in critical vulnerabilities, marking the lowest ever total since the report began.

The 2022 Microsoft Vulnerabilities Report from BeyondTrust also reveals that for the second year running, elevation of privilege was the #1 vulnerability category, accounting for 49 percent of all vulnerabilities.

Continue reading →

When the Log4Shell vulnerability first appeared at the end of last year it sent a shockwave through the cybersecurity community.

But just because it's no longer in the headlines doesn't mean it's gone away. There's still a lot that enterprises can learn from the vulnerability and the response to it. We spoke to Maninder Singh, corporate vice president and global head of cybersecurity and GRC services at HCL Technologies, to find out more.

Continue reading →

A new study from Netwrix reveals that 70 percent of organizations use a vulnerability assessment tool, but not always for the reasons you might think.

Rather than to ensure compliance, 70 percent say the primary reason for purchasing the tool is the need for proactive security measures. In addition 76 percent of those who don't yet own a vulnerability assessment tool and plan to acquire one in the near future for the same reason.

Continue reading →

The average time to known exploitation of vulnerabilities is 12 days, down from 42 days last year, according to the latest Rapid7 Annual Vulnerability Intelligence report.

Of 50 2021 vulnerabilities looked at in the report, 43 were exploited in the wild and 52 percent of the known exploited vulnerabilities in this report came under attack within one week of public disclosure.

Continue reading →

Over a quarter of businesses (28 percent) have critical vulnerabilities that could easily be exploited by cyberattack.

But even when these vulnerabilities are flagged by penetration testing, they are still being left unaddressed.

Continue reading →

Risk Based Security (RBS) has today released its 2021 Year End Vulnerability QuickView Report showing that a total of 28,695 vulnerabilities were disclosed last year.

This the highest number recorded to date. Now that the vulnerability disclosure landscape has moved past the COVID-19 pandemic, RBS predicts that the number of vulnerabilities disclosed will continue to rise year-on-year in future.

Continue reading →

Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups, according to a new report.

The study by Ivanti, produced in conjunction with Cyber Security Works, shows 65 new vulnerabilities tied to ransomware last year, representing a 29 percent growth compared to the previous year and bringing the total number of vulnerabilities associated with ransomware to 288.

Continue reading →

A new report from container and cloud security company Sysdig finds that 75 percent of images contain patchable vulnerabilities of 'high' or 'critical' severity. In addition 85 percent of container images that run in production contain at least one patchable vulnerability.

Looking at the issues in more detail, 73 percent of cloud accounts contain exposed S3 buckets and 36 percent of all existing S3 buckets are open to public access.

Continue reading →

Financial services companies on the Bugcrowd platform experienced a 185 percent increase in the last 12 months for Priority One (P1) submissions, which relate to the most critical vulnerabilities.

According to activity recorded on the Bugcrowd Security Knowledge Platform, high-level trends include an increase in ransomware and the reimagining of supply chains, leading to more complex attack surfaces during the pandemic.

Continue reading →

At the end of November a vulnerability targeting Minecraft servers was uncovered. If you don't play Minecraft you probably didn't pay it much attention.

Since then, however, 'Log4Shell' has surged across the web sending tremors through the security community and prompting the US government to describe it as a 'severe risk'. So, what's going on and is it time to panic?

Continue reading →

Data from 3,900 tests conducted on 2,600 software or systems targets reveals that 97 percent had some form of vulnerability, 30 percent of the targets had high-risk vulnerabilities, and six percent had critical-risk vulnerabilities.

In the research from Synopsys 83 percent of the tested targets were web applications or systems, 12 percent mobile applications, and the remainder either source code or network systems/applications. Industries represented in the tests include software and internet, financial services, business services, manufacturing, media and entertainment, and healthcare.

Continue reading →

New research from security automation specialist Ivanti shows that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since the beginning of 2021.

The report, produced with Cyber Security Works and Cyware, reveals that the last quarter has seen a 4.5 percent increase in CVEs associated with ransomware.

Continue reading →

A new study from the Application Security Division of NTT Ltd reveals that 52 percent of applications in the healthcare industry have at least one serious vulnerability -- rating 'high' or 'critical' on the CVSS scale -- open throughout the year.

However, healthcare has performed 14 percent better than the industry average on remediating critical risks in the past three months. This represents a positive trend for healthcare, which historically performs below average based on a rolling 12-month analysis.

Continue reading →

As businesses rely more on the cloud and virtual infrastructure, so the potential for both configuration errors and cyberattacks increases.

The pandemic has only made the problem worse and in many cases led to a loosening of security policy. What do organizations need to do to address the issue and protect their systems? We spoke to Tal Morgenstern, Vulcan Cyber CPO and co-founder, to find out.

Continue reading →

It's well known that security teams are suffering from alert overload and new research from Invicti Security shows that false positives and the need for manual verification are serious problems.

Analysis of six years' worth of real-world vulnerability data shows enterprise security teams are spending nearly 10,000 hours a year checking unreliable vulnerability reports, and this could cost as much as half a million dollars annually.

Continue reading →