Top 10 Security Vulnerabilities Exploited by Hackers

Security Vulnerabilities Exploited by Hackers

Throughout 2020 and 2021 we have seen a spike in cyberattacks, spam, hacks, and attempted hacks, both nationwide and globally. The spike in overall cyberattacks has prompted world leaders to step up their defenses and to increase the public's understanding of these attacks and of how to defend against common threats.

To increase public awareness and to develop a global initiative to prevent cyberattacks, the security and intelligence agencies of several world-leading nations, including the United States, the United Kingdom, and Australia, have teamed up. The agencies include the US Cybersecurity and Infrastructure Security Agency (CISA), the United Kingdom's National Cyber Security Centre (NCSC), the Federal Bureau of Investigation (FBI), and the Australian Cyber Security Centre (ACSC). These agencies have released information on specific common cyber threats and on ways to prevent them.

Web Security Vulnerabilities

The agencies list dozens of top vulnerabilities, but ICSSNJ wanted to inform our users of the most important threats and vulnerabilities they noted. The agencies point out that these vulnerabilities span many products, technologies, and infrastructures, particularly in remote work environments. Even VPNs and many cloud-based technologies are becoming targets of such attacks, including products from Microsoft, Fortinet, Drupal, Citrix, VMware, and more.

CVSS Score & Metrics

The Common Vulnerability Scoring System (CVSS) produces a score composed of three different metric groups: Base, Temporal, and Environmental. These scores range from 0.1 to 10.0, with 10.0 being the most critical qualitative rating and requiring the most attention.

  • Which assets or cyber threats could affect the business's operational functions?
  • Which of the business's critical information assets would be impacted by a security breach, such as data loss?

These questions point us and your business to the critical assets that need to be protected. At that point you can start to develop cybersecurity strategies and implementations to protect those assets.

Base Scores:

The Base metric group of CVSS scores covers two main elements: 'Exploitability' and 'Impact'. Exploitability is made up of four sub-components: Attack Vector, Attack Complexity, Privileges Required, and User Interaction. Each sub-component has its own set of associated values.

Temporal Scores:

Temporal metrics capture the characteristics of a vulnerability that change over time. The sub-components of the Temporal score are Exploit Code Maturity, Remediation Level, and Report Confidence.

Environment Scores:

Environmental scores are broken down into two main components: Security Requirements and Modified Base Metrics.

Top 10 Vulnerabilities:

  1. Windows Netlogon elevation of privilege vulnerability (CVSS score: 10.0)
  2. Pulse Connect Secure arbitrary file reading vulnerability (CVSS score: 10.0)
  3. Citrix Application Delivery Controller (ADC) and Gateway directory traversal vulnerability (CVSS score: 9.8)
  4. Fortinet FortiOS path traversal vulnerability, which can lead to a system file leak (CVSS score: 9.8)
  5. F5 BIG-IP remote code execution vulnerability (CVSS score: 9.8)
  6. Atlassian Confluence Server remote code execution vulnerability (CVSS score: 9.8)
  7. Atlassian Crowd and Crowd Data Center remote code execution vulnerability (CVSS score: 9.8)
  8. Microsoft SharePoint remote code execution vulnerability (CVSS score: 9.8)
  9. Microsoft Exchange memory corruption vulnerability (CVSS score: 8.8)
  10. Microsoft Office memory corruption vulnerability (CVSS score: 7.8)

Many of the vulnerabilities above have already come under attack in 2021, and national security agencies are urging consumers to be aware of them and to secure their infrastructures to prevent any potential harm. These vulnerabilities can be exploited to take control of a particular system, exposing the infrastructure to denial-of-service (DDoS) attacks or to the loss of sensitive information.

Prepare your network infrastructure for the future with Integrated Computer Services, based in New Jersey. Call today to find out how we can help your organization.

If you have any questions, please feel free to contact us at: (201) 280-9160

We Offer:

  • Microsoft Silver Certified Partner
  • Dynamic Support | Managed IT
  • Cloud Computing for Business