
Combatting Ransomware in the Real World Join FortifyData and Lockstep Technology Group as we discuss what ransomware is, what…
Earlier this year a joint cybersecurity advisory from U.S and allied cybersecurity authorities identified the top exploited vulnerabilities and exposures (CVEs) of 2021. We noted in a blog post about the advisory that out of the vulnerabilities on the list, 25% of them were identified in 2020 and earlier and continue to be routinely exploited.
This indicates poor patch management.
To make matters worse, according to new research by Google Project Zero, half of the zero-day vulnerabilities discovered in the first half of 2022 were a variant of an existing vulnerability – all of which had patches available.
Bad vulnerability management allows previously reported vulnerabilities to reappear as new.
“Many of the 2022 in-the-wild 0-days are due to the previous vulnerability not being fully patched,” wrote Google Project Zero’s security researcher, Maddie Stone. “In the case of the Windows win32k and the Chromium property access interceptor bugs, the execution flow that the proof-of-concept exploits took were patched, but the root cause issue was not addressed: attackers were able to come back and trigger the original vulnerability through a different path.”
Investing in vulnerability management is imperative for organizations to minimize the risk from vulnerabilities. Here are a few things that security teams should do.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |