Hackers exploit older software vulnerabilities in 2022

Share post:

Cybersecurity authorities from the Five Eyes intelligence alliance have published a list of the top 12 most exploited software vulnerabilities in 2022. The list, which was compiled by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its partners, found that hackers disproportionately targeted older vulnerabilities that had been known for years.

Of the 12 vulnerabilities on the list, only five were discovered in 2022. The remaining seven had been known for at least two years, and some had been around for even longer. This suggests that many organizations are failing to patch their software in a timely manner, leaving them vulnerable to attack.

The most exploited vulnerability on the list was CVE-2018-13379, a critical flaw in Fortinet’s FortiOS and FortiProxy SSL VPN software. This vulnerability was first disclosed in 2018, but it was still being exploited by hackers in 2022.

Other frequently exploited vulnerabilities included CVE-2021-34473, a remote code execution (RCE) vulnerability in Microsoft Exchange Server, CVE-2022-22954, an RCE vulnerability in VMWare Workspace ONE Access and Identity Manager, CVE-2022-1388, a missing authentication vulnerability in F5 Networks BIG-IP, CVE-2022-30190, an RCE vulnerability in multiple Microsoft products, and CVE-2022-26134, an RCE vulnerability in Atlassian Confluence Server and Data Center.

The CISA advisory noted that threat actors are increasingly targeting older vulnerabilities because they are often easier to exploit. In addition, proof-of-concept (POC) code for many of these vulnerabilities is publicly available, which makes it easier for attackers to develop exploit kits.

The sources for this piece include an article in CPOMAGAZINE.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 20, 2024 -Ransomware gang claims it hit a Canadian internet provider

A ransomware gang claims it hit a Canadian internet provider. Welcome to Cyber Security Today. It's Monday May 20th,...

Cyber Security Today, Week in Review for week ending Friday May 17, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, May 17th,...

Cyber Security Today, May 17, 2024 – Malware hiding in Apache Tomcat servers

Malware hiding in Apache Tomcat servers, new backdoors found, and more Welcome to Cyber Security Today. It's Friday, May...

MIT students exploit blockchain vulnerability to steal 25 million dollars

Two MIT students have been implicated in a highly sophisticated cryptocurrency heist, where they reportedly exploited a vulnerability...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways