Recorded Future - 2019 Vulnerability Report: Cybercriminals Continue to Target Microsoft Products

Time- and resource-strapped security teams face an ongoing challenge: How do you make remediation decisions around vulnerabilities with lots of disparate information, but without access to all of the facts?

The annual Recorded Future vulnerability report helps remove some of that guesswork. Our researchers have scoured thousands of sources, including code repositories, underground forum postings, and dark web sites, to bring you the top 10 vulnerabilities being actively exploited by cybercriminals.

In the new 2019 report, titled “Criminal Underground Continues to Target Microsoft Products in Top 2019 Exploited Vulnerabilities List,” we observed more exploits targeting Microsoft products than Adobe products — a trend that began in 2017. Many of the top vulnerabilities of 2019 also appeared on our 2018 list — underscoring the importance of patching Microsoft products in your technology stack.

Interestingly, only one vulnerability impacting Internet Explorer 10 and 11 ranked in the top 10. This vulnerability was included in a new exploit kit called Capesand. We also observed that the total number of new exploit kits continued to decrease, dropping from five to four in 2019. This change is partially due to evolving criminal use of exploited vulnerabilities — but overall, exploit kits are declining as criminal efforts have adapted.

Download the 2019 report today to see the year-over-year changes in exploit kit, phishing, and remote access trojan co-occurrences with vulnerabilities, and find out how CVSS scores correlate to actual “in the wild” severity analysis. You’ll also get actionable recommendations for protecting your organization against the highest-trending vulnerabilities.

The post 2019 Vulnerability Report: Cybercriminals Continue to Target Microsoft Products appeared first on Recorded Future.



from Recorded Future https://www.recordedfuture.com/top-vulnerabilities-2019/

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more