Which vulnerabilities were most exploited by cybercriminals in 2019?
2020-02-06 06:30

Which ten software vulnerabilities should you patch as soon as possible?

Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising submissions to popular malware repositories to compile a list of the ten vulnerabilities most exploited by cybercriminals in 2019.

The researchers put the popularity of Microsoft vulnerabilities down to a combination of better patching and Flash Player's impending demise in 2020, and noted the importance of patching Microsoft products in a timely manner.

Among other, more recently patched flaws that made the top 20 list are CVE-2019-0841, a privilege escalation vulnerability in the Windows AppX Deployment Service, and CVE-2019-3396, a server-side template injection vulnerability in the Atlassian Confluence Server and Data Center Widget Connector that could be used for remote code execution.

With all of this in mind, they advise admins to prioritize the patching of Microsoft products, automatically disable Flash Player wherever possible, remove affected software if it's not needed, and install browser ad-blockers to prevent exploitation via malvertising.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/127LrE4BUA0/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-09 | CVE-2019-0841 | Link Following vulnerability in Microsoft products. An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. (microsoft, CWE-59) | local, low complexity, 7.8 |
| 2019-03-25 | CVE-2019-3396 | Path Traversal vulnerability in Atlassian Confluence. The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. (atlassian, CWE-22) | network, low complexity, critical, 9.8 |