Hackers exploit older software vulnerabilities in 2022

Share post:

Cybersecurity authorities from the Five Eyes intelligence alliance have published a list of the top 12 most exploited software vulnerabilities in 2022. The list, which was compiled by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its partners, found that hackers disproportionately targeted older vulnerabilities that had been known for years.

Of the 12 vulnerabilities on the list, only five were discovered in 2022. The remaining seven had been known for at least two years, and some had been around for even longer. This suggests that many organizations are failing to patch their software in a timely manner, leaving them vulnerable to attack.

The most exploited vulnerability on the list was CVE-2018-13379, a critical flaw in Fortinet’s FortiOS and FortiProxy SSL VPN software. This vulnerability was first disclosed in 2018, but it was still being exploited by hackers in 2022.

Other frequently exploited vulnerabilities included CVE-2021-34473, a remote code execution (RCE) vulnerability in Microsoft Exchange Server, CVE-2022-22954, an RCE vulnerability in VMWare Workspace ONE Access and Identity Manager, CVE-2022-1388, a missing authentication vulnerability in F5 Networks BIG-IP, CVE-2022-30190, an RCE vulnerability in multiple Microsoft products, and CVE-2022-26134, an RCE vulnerability in Atlassian Confluence Server and Data Center.

The CISA advisory noted that threat actors are increasingly targeting older vulnerabilities because they are often easier to exploit. In addition, proof-of-concept (POC) code for many of these vulnerabilities is publicly available, which makes it easier for attackers to develop exploit kits.

The sources for this piece include an article in CPOMAGAZINE.

SUBSCRIBE NOW

Related articles

Casting a Hex and Deceptive Delight: Jailbreaking Techniques Targeting AI Models

OpenAI's GPT-4o language model can be tricked into generating exploit code by encoding malicious instructions in hexadecimal, according...

CRA Admits to Massive Underreporting of Cyberattacks

The Canada Revenue Agency (CRA) has acknowledged that tens of thousands of taxpayer accounts were hacked between March...

Apple Launches $1 Million Bug Bounty for Hacking Apple Intelligence Servers

Apple has announced a new bug bounty program offering up to $1 million to individuals who can successfully...

Over 6,000 WordPress Sites Hacked to Install Plugins Pushing Infostealers

More than 6,000 WordPress websites have been hacked to install malicious plugins that push information-stealing malware, according to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways