Researchers from the Federal Bureau of Investigation (FBI), the Department of Homeland Security (DHS), and the Cybersecurity & Infrastructure Security Agency (CISA) have published a list of the most exploited vulnerabilities for the period from 2016 to 2020.
To counter the most obvious forms of attack, the security experts have strongly recommended that all companies in both the public and private sectors install all essential patches and updates immediately.
Installing patches and updates at scale will directly affect the cyber arsenal of foreign hackers targeting American companies, because it forces them to develop new exploits, and developing new exploits requires them to invest resources. U.S. government officials gave this statement to justify and support the recommendation.
According to the CISA report, unlike zero-day vulnerabilities, exploiting these vulnerabilities requires fewer resources. “A concerted campaign to fix these vulnerabilities would interfere with the work methods of foreign adversaries and force them to develop or acquire more expensive and less effective exploits,” the report said.
The joint CISA & FBI security alert includes the following remarks that must be considered:
Microsoft’s Object Linking and Embedding (OLE), a technology that allows Office documents to embed content from other apps, is the technology attackers target most frequently.
CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158 are the most exploited security flaws used by government-backed hacker groups.
The second most attacked technology is Apache Struts.
CVE-2019-19781 and CVE-2019-11510 are the two most frequently exploited vulnerabilities this year, 2020.
Many organizations have recently shifted to work-from-home setups due to the COVID-19 pandemic, and this shift has resulted in misconfigured Microsoft Office 365 deployments.
Here is the list of the vulnerabilities that were exploited most between 2016 and 2020:
All the vulnerabilities mentioned above, shared by DHS CISA and the FBI, are used by both government-backed hackers and regular cybercriminals.