Man
Professional
MITRE has released a list of the 25 most common and dangerous software vulnerabilities of this year. In total, more than 31,000 vulnerabilities were discovered between June 2023 and June 2024.
Software weaknesses are flaws, errors, vulnerabilities, and bugs found in the code, architecture, implementation, or design of software. Attackers can exploit them to compromise systems running the affected software, gaining control of devices and access to sensitive data, or launching denial-of-service attacks. “They are often easy to detect and exploit, but can lead to exploitable vulnerabilities that allow attackers to completely take over a system, steal data, or prevent applications from functioning,” MITRE said.
To create this year’s ranking, the organization assessed each weakness based on its severity and how often it was found. In total, the experts analyzed 31,770 CVE entries reported across 2023 and 2024, paying special attention to security flaws added to CISA's Known Exploited Vulnerabilities (KEV) catalog.
"This annual list identifies the most critical software vulnerabilities that attackers frequently exploit to compromise systems, steal sensitive data, or disrupt essential services. Organizations are urged to review this list and use it to inform their software security strategies," CISA said.
CISA previously issued an alert asking vendors to fix path traversal and SQL injection (SQLi) vulnerabilities that the Chinese hacking group known as Velvet Ant used in recent attacks on Cisco, Palo Alto, and Ivanti network edge devices. In May and March, the agency issued two more “Secure by Design” alerts urging software executives and developers to eliminate path traversal and SQL injection (SQLi) vulnerabilities from their products and code.
CISA also called on technology vendors to stop shipping software and devices with default passwords, and on small office/home office (SOHO) router makers to protect them from Volt Typhoon attacks.
Last week, the FBI, NSA and Five Eyes cybersecurity bodies released a list of the 15 most frequently exploited security vulnerabilities last year, warning that attackers were focusing on zero-day attacks.
Source