Top targeted vulnerabilities of 2023: STOP this madness
In 2023 the top 10 targeted vulnerabilities used by threat actors to actively exploit victims were more than 10 years old!
In order of CVE ranking we have:
- CVE-2017-0199 - Microsoft Office and WordPad
- CVE-2017-11882 - Microsoft Exchange Server
- CVE-2020-1472 - Microsoft NetLogon
- CVE-2012-1461 - GZIP file parser utility
I would really like to know what systems are still running outdated software that is 5 years old or, in the case of #4 on the list, 11 years old. What excuses do you have? I mean, would you drive a car with no seat belts and think that was safe?
The madness of running outdated software and operating systems has to stop. In the next 1-2 years, Company Directors and owners of businesses are going to be more accountable for failure to implement security controls across their systems.
The AICD recently said:
Regulators are looking at cyber security and the conduct of boards through a risk lens, he said. “That's something that as directors and as company officials, we need to be very cognisant of, if we're running a company that's involved in providing critical infrastructure to the nation. One would expect us at board level to be thinking about cyber security very clearly.” - AICD REF
Maybe it's time for a shake-up in the Corporations Act to include 'Cyber Security' as part of a director's duty.
Source of data: Cisco-talos-2023