Hackers exploit older software vulnerabilities in 2022

Share post:

Cybersecurity authorities from the Five Eyes intelligence alliance have published a list of the top 12 most exploited software vulnerabilities in 2022. The list, which was compiled by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its partners, found that hackers disproportionately targeted older vulnerabilities that had been known for years.

Of the 12 vulnerabilities on the list, only five were discovered in 2022. The remaining seven had been known for at least two years, and some had been around for even longer. This suggests that many organizations are failing to patch their software in a timely manner, leaving them vulnerable to attack.

The most exploited vulnerability on the list was CVE-2018-13379, a critical flaw in Fortinet’s FortiOS and FortiProxy SSL VPN software. This vulnerability was first disclosed in 2018, but it was still being exploited by hackers in 2022.

Other frequently exploited vulnerabilities included CVE-2021-34473, a remote code execution (RCE) vulnerability in Microsoft Exchange Server, CVE-2022-22954, an RCE vulnerability in VMWare Workspace ONE Access and Identity Manager, CVE-2022-1388, a missing authentication vulnerability in F5 Networks BIG-IP, CVE-2022-30190, an RCE vulnerability in multiple Microsoft products, and CVE-2022-26134, an RCE vulnerability in Atlassian Confluence Server and Data Center.

The CISA advisory noted that threat actors are increasingly targeting older vulnerabilities because they are often easier to exploit. In addition, proof-of-concept (POC) code for many of these vulnerabilities is publicly available, which makes it easier for attackers to develop exploit kits.

The sources for this piece include an article in CPOMAGAZINE.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Air Canada admits hack of employee data

Hacker had "limited access" to data, ai

DDoS attacks behind Canada border agency problems

Canada’s border control agency is the latest federal department to confirm it was hit by a recent wave of denial of service attacks. “The Canada Border Services Agency (CBSA) can confirm that connectivity issues that affected kiosks and electronic gates at airports on Sunday, September 17, 2023 are the result of a distributed denial of

DDoS attacks behind Canada border agency problems

Canada’s border control agency is the latest federal department to confirm it was hit by a recent wave of denial of service attacks. “The Canada Border Services Agency (CBSA) can confirm that connectivity issues that affected kiosks and electronic gates at airports on Sunday, September 17, 2023 are the result of a distributed denial of

Cyber Security Today, Sept. 20, 2023 – A new online card-skimming campaign, new WinServer backdoors and more

This episode reports on the possiblity that thousands of internet-facing Juniper SRX firewalls and EX switches may be at risk from a new way to exploit a recently discovered vulnerability

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways