Ransomware operations exploited 28% of the security flaws in the Cybersecurity and Infrastructure Security Agency's (CISA's) Known Exploited Vulnerabilities (KEV) catalog in attacks last year, according to The Register.
GreyNoise reported that while some of the flaws, including the Cleo Harmony remote code execution (RCE) bug (CVE-2024-50623) and the maximum-severity Progress Kemp LoadMaster command execution issue (CVE-2024-1212), were added following mass exploitation, most of the CISA KEV inclusions occurred within at least a week of confirmed exploits and intrusions, indicating that ransomware gangs are tracking the database.
Additional findings showed that vulnerabilities that are at least four years old — including the critical Dasan GPON router and Realtek SDK flaws CVE-2018-10561 and CVE-2014-8361, respectively — accounted for 40% of the exploited bugs last year.
Meanwhile, organizations and other users of Ivanti, D-Link, and VMware products were advised to switch vendors because of those vendors' elevated zero-day exploits and mishandling of security fixes for vulnerable products.