Regional »  Topic »  Cyberattackers achieve their greatest successes by exploiting known and unpatched vulnerabilities, according to Tenable

Cyberattackers achieve their greatest successes by exploiting known and unpatched vulnerabilities, according to Tenable


An abundance of successful cyberattacks in the final quarter of 2023 resulted from threat actors leveraging known and exploitable vulnerabilities, according to Tenable, the Exposure Management Company. Telemetry data from Tenable’s Research Team found that 54% of devices affected by ‘CitrixBleed’ (aka CVE-2023-4966, the top vulnerability of Q4 2023) had not been remediated as of January 2024, more than three months after a patch was first announced.

Similarly, a pair of Cisco flaws that were part of an attack chain to exploit Cisco devices running their Internetworking Operating System (IOS) and IOS XE operating systems (CVE-2023-20198 and CVE-2023-20273) had only been remediated in 39% of devices.
While zero-days and AI-powered threats grab headlines, the known and unpatched vulnerabilities are most frequently exploited, especially when coupled with opportunistic actions by malicious actors, allowing ransomware to persist.

“Threat actors continue to find success with known and exploitable vulnerabilities that organisations have ...


Copyright of this story solely belongs to crn.in . To see the full text click HERE