Patch management can be a complex and time-consuming process.
Then investigators found this new mysterious malware SEE: A company spotted a security breach. "It is easy for operations teams to get overwhelmed when they do not have a prioritized list of patches or software listings provided from security teams."Ĭyberattackers know that many organizations struggle with patching, so they are actively scanning for vulnerabilities that enable them to lay down the foundations for ransomware and other cyberattacks. This is the number one driving factor for why vulnerabilities remain unpatched," Shailesh Athalye, SVP of product management at Qualys, told ZDNet. "The rate at which vulnerabilities are rising is exponentially higher than the rate at which operations teams are patching.
APPLE RANSOMWARE VULNERABILITY UPDATE
Like the other vulnerabilities detailed by researchers, cybercriminals are have been able to continue launching successful attacks because the available security update hasn't been applied.įor IT and information security teams, applying all the patches needed to keep a network secure is often an uphill battle. The most recent vulnerability on the list is Adobe CVE-2019-1458, a privilege escalation vulnerability in Windows that emerged in December 2019 and has been commonly used by the NetWalker ransomware group. Both Ryuk ransomware and what many believe to be its successor, Conti ransomware, have been known to use this attack method.
APPLE RANSOMWARE VULNERABILITY PDF
In both cases, patches to remedy the vulnerabilities have been available for more than eight years.ĬVE-2018-12808, meanwhile, is a three-year-old vulnerability in Adobe Acrobat, which is used to deliver ransomware via phishing emails and malicious PDF files. CVE-2013-0431 is a vulnerability in JRE exploited by Reveton ransomware, while CVE-2013-1493 is a flaw in Oracle Java that is targeted by Exxroute ransomware.
Two other common vulnerabilities detailed by researchers are from 2013. SEE: A winning strategy for cybersecurity (ZDNet special report) This ransomware is somewhat basic, but some organizations have remained vulnerable because they haven't applied the relevant security patches. According to researchers, it's been commonly used to distribute Urausy ransomware. The oldest of the top five vulnerabilities detailed in the analysis is CVE-2012-1723, a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7, which was detailed in 2012. A roundup of the best software and apps for Windows and Mac computers, as well as iOS and Android devices, to keep yourself safe from malware and viruses.