Tag: RCE
Also notable this month is the dramatic growth in CVE-2020-25078, which is also an IoT vulnerability but this time in several IP cameras. On the one hand the volume of traffic scanning for this vulnerability was not remarkable, with ~3600 connections in February, but only 200 connections were attempted in January, which means traffic increased…
Read MoreHere we are in April 2023, which gives us another opportunity to see what vulnerabilities attackers were most interested in last month. After receiving a huge amount of attacker attention from November 2022 to February 2023, CVE-2020-8958 has returned to volumes of traffic more consistent with what we’d come to expect over the last year…
Read MoreBy now you have probably heard about another raft of high-severity vulnerabilities in the open-source Java application framework, Spring. The Spring Framework is a collection of programming libraries which allow developers to easily integrate features into their apps such as authentication, data access, testing, and even the creation of web applications on top of Java…
Read MoreWelcome to the Sensor Intelligence Series for April 2023. Last month was comparatively quiet in terms of attack traffic, like March before it. CVE-2020-8958 (an OS command injection vulnerability in a GPON router) remained the top-targeted vulnerability, as it has for nine of the last ten months. Many of the other top targets, such as…
Read MoreAs you can see in Figure 1, six out of the 29 identified CVEs constituted the vast majority (96.7%) of the traffic, so much of our analysis is focused on them. CVE-2017-9841 was the most frequently targeted for the entire six-month period, fluctuating slightly but never enough to fall from the top spot. Below that,…
Read MoreThe stubborn one-way passage of time means that it is time for another round of vulnerability targeting intelligence. Web attacks in May 2023 had a lot in common with those in April, with eight of the top ten vulnerabilities remaining consistent across the two months. In that vein of continuity, CVE-2020-8958, the Guangzhou GPON router…
Read MoreTable 1 shows counts and monthly changes for all of the CVEs we identified in July traffic. CVE Number Count Change in Count (June – July) CVE-2020-8958 8244 3876 CVE-2017-9841 5991 -303 CVE-2020-25078 3739 2821 CVE-2018-10562 3728 2915 CVE-2017-18368 3265 3063 CVE-2019-9082 2508 -278 CVE-2021-3129 2057 -203 CVE-2021-28481 1839 -159 CVE-2022-22947 1330 -128 CVE-2021-22986 447…
Read MoreIt seems like threat actors everywhere could detect my impatience last month when I wrote that not much had changed among the 70-odd CVEs that we track for attack trends, because last month they did something. Actually, to be more precise, they stopped doing some things. This is the first month since September 2022 that…
Read MoreExecutive Summary & Key Takeaways As security professionals, we often live and die by the release cycle of the latest vulnerabilities. In this report, sponsored by F5 Labs, we take a step back and examine the universe of vulnerabilities (defined by the CVE) and how it’s changed in the last 20 years. As you will…
Read MoreConclusions This month we were able to add seven newly observed CVEs to our list of confirmed exploited vulnerabilities: CVE-2012-4940, a directory traversal vulnerability in the Axigen Free Mail Server. CVE-2016-4945, a cross-site scripting flaw in Citrix Netscaler Gateway CVE-2017-11511 and CVE-2017-11512, arbitrary file download flaws at different URIs in the Zoho ManageEngine ServiceDesk tool…
Read More