Cybersecurity researchers at Digital Shadows have compiled a list of new and old vulnerabilities that have not been patched by organizations.
With a focus on prominent vulnerabilities, these unpatched flaws may be exploited by attackers to steal data and compromise networks.
Some of the flaws include the ProxyShell bugs (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), the QNAP NAS flaw (CVE-2021-28799), and an old Microsoft Office flaw (CVE-2012-0158).
In total, the researchers identified 260 vulnerabilities that were actively exploited for attacks in the last quarter of 2021. A total of 87 of the 260 vulnerabilities identified were associated with ransomware campaigns.
“Cybercriminals are inherently opportunistic. There need not be an exotic zero-day, or similar vulnerability that ‘takes up all the oxygen in the room. Taking a risk-based approach is the most effective method of targeting vulnerabilities, which will ultimately have the most significant impact on reducing your overall cyber risk,” said Joshua Aagard, research analyst at Digital Shadows.
For more information, read the original story in ZDNet.