Hackers exploit older software vulnerabilities in 2022

Share post:

Cybersecurity authorities from the Five Eyes intelligence alliance have published a list of the top 12 most exploited software vulnerabilities in 2022. The list, which was compiled by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its partners, found that hackers disproportionately targeted older vulnerabilities that had been known for years.

Of the 12 vulnerabilities on the list, only five were discovered in 2022. The remaining seven had been known for at least two years, and some had been around for even longer. This suggests that many organizations are failing to patch their software in a timely manner, leaving them vulnerable to attack.

The most exploited vulnerability on the list was CVE-2018-13379, a critical flaw in Fortinet’s FortiOS and FortiProxy SSL VPN software. This vulnerability was first disclosed in 2018, but it was still being exploited by hackers in 2022.

Other frequently exploited vulnerabilities included CVE-2021-34473, a remote code execution (RCE) vulnerability in Microsoft Exchange Server, CVE-2022-22954, an RCE vulnerability in VMWare Workspace ONE Access and Identity Manager, CVE-2022-1388, a missing authentication vulnerability in F5 Networks BIG-IP, CVE-2022-30190, an RCE vulnerability in multiple Microsoft products, and CVE-2022-26134, an RCE vulnerability in Atlassian Confluence Server and Data Center.

The CISA advisory noted that threat actors are increasingly targeting older vulnerabilities because they are often easier to exploit. In addition, proof-of-concept (POC) code for many of these vulnerabilities is publicly available, which makes it easier for attackers to develop exploit kits.

The sources for this piece include an article in CPOMAGAZINE.

SUBSCRIBE NOW

Related articles

Hertz Data Breach Exposes Customer Information via Supply Chain Hack

Hertz has disclosed a data breach resulting from a cyberattack on its vendor, Cleo Communications, which compromised sensitive...

Google’s New Security Feature – Automatic Reboot

Google is introducing a new security feature in its latest Android update that will automatically reboot phones and...

Cybersecurity Firm Prodaft Buys Hacker Forum Accounts to Monitor Cybercriminal Activity

Swiss cybersecurity company Prodaft has initiated a program to purchase verified and aged accounts on hacking forums, aiming...

Operation Endgame: Burnaby, BC Resident Arrested As Cops Go After Individual Hackers

As part of Operation Endgame, international law enforcement agencies have arrested a Burnaby, British Columbia resident accused of...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways