Old Software Flaws Used By Hackers To Spread Ransomware

Share post:

Cybersecurity researchers at Digital Shadows have compiled a list of new and old vulnerabilities that have not been patched by organizations.

With a focus on prominent vulnerabilities, these unpatched flaws may be exploited by attackers to steal data and compromise networks.

Some of the flaws include the ProxyShell bugs (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), the QNAP NAS flaw (CVE-2021-28799), and an old Microsoft Office flaw (CVE-2012-0158).

In total, the researchers identified 260 vulnerabilities that were actively exploited for attacks in the last quarter of 2021. A total of 87 of the 260 vulnerabilities identified were associated with ransomware campaigns.

“Cybercriminals are inherently opportunistic. There need not be an exotic zero-day, or similar vulnerability that ‘takes up all the oxygen in the room. Taking a risk-based approach is the most effective method of targeting vulnerabilities, which will ultimately have the most significant impact on reducing your overall cyber risk,” said Joshua Aagard, research analyst at Digital Shadows.

For more information, read the original story in ZDNet.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Cyber Security Today, Feb. 19, 2024 – Fake police data breach notification fools Maine’s AG site

This episode reports a recent fake data breach report and two real ones, a man pleads guilty to being involved in malware distribution

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways