Thursday, February 13, 2025

768 CVEs Exploited in 2024, Reflecting a 20% Improve from 639 in 2023


Feb 03, 2025Ravie LakshmananVulnerability / Community Safety

As many as 768 vulnerabilities with designated CVE identifiers have been reported as exploited within the wild in 2024, up from 639 CVEs in 2023, registering a 20% enhance year-over-year.

Describing 2024 as “one other banner yr for risk actors concentrating on the exploitation of vulnerabilities,” VulnCheck mentioned 23.6% of recognized exploited vulnerabilities (KEV) have been recognized to be weaponized both on or earlier than the day their CVEs have been publicly disclosed.

This marks a slight lower from 2023’s 26.8%, indicating that exploitation makes an attempt can happen at any time in a vulnerability’s lifecycle.

“Throughout 2024, 1% of the CVEs revealed have been reported publicly as exploited within the wild,” VulnCheck’s Patrick Garrity mentioned in a report shared with The Hacker Information. “This quantity is predicted to develop as exploitation is usually found lengthy after a CVE is revealed.”

Cybersecurity

The report comes over two months after the corporate revealed that 15 completely different Chinese language hacking teams out of a complete of 60 named risk actors have been linked to the abuse of a minimum of one of many prime 15 routinely exploited vulnerabilities in 2023.

“Not surprisingly, the Log4j CVE (CVE-2021-44228) is related to essentially the most risk actors total, with 31 named risk actors linked to its exploitation,” Garrity famous late final yr, including the corporate recognized 65,245 hosts probably weak to the flaw.

In all, there are roughly 400,000 internet-accessible techniques doubtless vulnerable to assaults stemming from the exploitation of 15 safety shortcomings in Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho merchandise.

“Organizations ought to consider their publicity to those applied sciences, improve visibility into potential dangers, leverage strong risk intelligence, preserve sturdy patch administration practices, and implement mitigating controls, akin to minimizing internet-facing publicity of those gadgets wherever potential,” VulnCheck mentioned.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.



Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

PHP Code Snippets Powered By : XYZScripts.com