A report by cybersecurity firm Rezilion shows that more than 15 million publicly facing services are exposed to at least one of the 896 vulnerabilities that the Cybersecurity and Infrastructure Security Agency has listed in its catalog of known exploited vulnerabilities, according to BleepingComputer.
Rezilion, which conducted a large-scale study to identify systems that are vulnerable to either ransomware organizations or state-sponsored threat actors, says more than half of known instances are susceptible to one of the 137 vulnerabilities associated with Microsoft Windows, and more than half of the top 10 most commonly identified CVEs in endpoints are at least five years old.
"Overall, over 4.5 million internet-facing devices were identified as vulnerable to KEVs discovered between 2010 and 2020," the firm said in its report.
The firm also analyzed the data to identify the vulnerability with the highest interest among threat actors and found that CVE-2022-26134, a critical-severity flaw in Atlassian Confluence Server and Data Center, is the most exploited flaw, with 816 exploitation attempts in March.
Twenty-five percent of operational technology organizations in the U.S. and other parts of the world have evaded data breaches this year, compared with only 6% in 2022, mostly due to the 17% decline in insider breaches from 2022 to 2023, reports SecurityWeek.
Several U.S. defense and government organizations have been targeted by state-backed Chinese hacking group Bronze Silhouette, also known as Volt Typhoon, for military intelligence over a period of at least two years, according to The Record, a news site by cybersecurity firm Recorded Future.