Numerous media industry vendors do not quickly address critical security flaws despite being vulnerable to ransomware and denial-of-service attacks, as well as other cybersecurity risks, according to SecurityWeek
"Zero tolerance findings," or critical bugs in internet-facing systems have been identified in 143 of nearly 500 media industry vendors, with nearly 30% having at least one critical vulnerability, which was almost two times higher than in other industries, a report from BlueVoyant showed.
Content management providers had the most unpatched critical flaws, while those involved in monetization had the least. The report also showed that eight media industry vendors failed to address an actively exploited Confluence flaw, tracked as CVE-2022-26134, six weeks following the release of the patch
"Media companies need to take strong action with their vendors and suppliers, particularly in Content Management. Supply chain attacks are a common attack vector, and protecting against ecosystem vulnerabilities is critical to preventing leaks, downtime, and disruptions to the production process," said BlueVoyant.