Table 1 shows counts and monthly changes for all of the CVEs we identified in July traffic. CVE Number Count Change in Count (June – July) CVE-2020-8958 8244 3876 CVE-2017-9841 5991 -303 CVE-2020-25078 3739 2821 CVE-2018-10562 3728 2915 CVE-2017-18368 3265 3063 CVE-2019-9082 2508 -278 CVE-2021-3129 2057 -203 CVE-2021-28481 1839 -159 CVE-2022-22947 1330 -128 CVE-2021-22986 447…
Read MoreApply appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.4: Perform…
Read More
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It now turns out, GitLab is also affected by this issue and could be abused in a similar manner. While most of the malware-associated activity was…
Read MoreAs Figures 5 and 6 illustrate, CAPTCHA solver services have made it possible for attackers to completely circumvent CAPTCHAs, including Google’s latest version called CAPTCHA Enterprise (not shown here). The Business of Human CAPTCHA Solvers In many respects, CAPTCHA solver services operate like any legitimate enterprise, and they are clearly in business to make a…
Read MoreMuch of our threat research is focused on analyzing quantitative threat data—the larger the sample size, the better. However, the critical piece of information about a specific attack, the thing that differentiates it from the attacks that happened the day before or after, often lies in minute detail that is rarely captured in a large…
Read MoreWhat Is Credential Stuffing? Credential stuffing occurs when a cybercriminal obtains a large number of stolen or leaked login credentials—username and password pairs—for one website and tests them on the login pages of other websites. The attacker’s goal is to gain unauthorized access to as many user accounts as possible and then carry out other…
Read MoreIt seems like threat actors everywhere could detect my impatience last month when I wrote that not much had changed among the 70-odd CVEs that we track for attack trends, because last month they did something. Actually, to be more precise, they stopped doing some things. This is the first month since September 2022 that…
Read MoreHeadlines about breaches and compliance penalties give us a strong idea of what we do not want for our security programs. Of the breaches in 2020, the financial sector had the highest percentage at 17 percent, as noted in the 2021 Application Protection Report. With breaches, come regulator attention. In 2017, New York’s Department of…
Read More
As we have done for prior DDoS Attack Trends reports, we recently analyzed attack data from the F5 Distributed Cloud DDoS Mitigation service to get a look at the DDoS traffic they handled for their customers in 2022. We continued our analysis by comparing 2022 data to that of 2021 and 2020. Some interesting trends…
Read MoreA Vulnerability in Atlassian Confluence Data Center and Server Could Allow for Remote Code Execution
Apply appropriate patches and workarounds provided by Atlassian to vulnerable systems, immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.o Safeguard…
Read More