FBI: 2023 Top Routinely Exploited Vulnerabilities


In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets.

In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day. Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for our Newsletter


Related:

  • New Attack Recovers RSA Encryption Keys from EM Waves Within Seconds

    August 22, 2018

    A research paper presented at the Usenix security conference last week detailed a new technique for retrieving encryption keys from electronic devices, a method that is much faster than all previously known techniques. The approach relies on recording electromagnetic (EM) emanations coming off a device as it performs an encryption or decryption operation. Read more… Source: Bleeping Computer  

  • New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

    August 22, 2018

    Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, ...

  • Retro tech leaves NHS open to cyber-attacks, say researchers

    August 20, 2018

    Hackers could gain access to NHS networks by exploiting vulnerabilities in fax machines, security researchers have suggested. Staff at Check Point Software discovered exploits in widely-used fax machines that enable hackers to spread malware through a malicious image file. Malware can be coded into the image file which, when decoded by the fax machine and uploaded to its ...

  • Cyber security threat to Britain’s oil and gas sites as attack could cause ‘unprecedented damage’

    August 17, 2018

    Brian Lord OBE says a successful attack on its infrastructure could cause “unprecedented damage” and “unrest across the world”. With a complex ecosystem of computation, networking, and physical operational processes spread around the world the industry has a large attack surface with many attack vectors. A typical large oil and gas company uses half a million processors ...

  • FBI Warns Of ATM Hacking Campaign

    August 16, 2018

    The FBI has warned banks that cybercriminals are preparing to carry out a “highly choreographed, global fraud scheme known as an ‘ATM cash-out’.” The threat, reported by Krebs On Security cybersecurity blog, will apparently see criminals hacking a bank or payment card processor, and using cloned cards at ATMs around the world to fraudulently withdraw “millions of ...

  • Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs

    August 14, 2018

    Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs. All three are Spectre-class attacks that take advantage of a CPU design feature named speculative execution —a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data. These flaws target ...