CyberSecurityBoard
Sponsor Register Login

2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List

A total of 26,447 vulnerabilities were disclosed in 2023, surpassing the previous year by over 1500 CVEs.
The figures come from the latest report by the Qualys Threat Research Unit, published today.
Notably, less than 1% of these vulnerabilities posed the highest risk, being actively exploited in the wild by ransomware, threat actors and malware.
Key findings revealed that 97 high-risk vulnerabilities, likely to be exploited, were not part of the CISA Known Exploited Vulnerabilities catalog.
25% of high-risk vulnerabilities were exploited the same day they were published.
The deep dive into the vulnerability threat landscape also highlighted that over 7000 vulnerabilities had proof-of-concept exploit code, while 206 had weaponized exploit code, increasing the likelihood of successful compromises.
The report revealed that 32.5% of high-risk vulnerabilities affected network devices and web applications, emphasizing the need for a comprehensive vulnerability management strategy.
The Qualys TRU also shed light on the mean time to exploit high-risk vulnerabilities in 2023, standing at 44 days.
Top MITRE ATT&CK tactics and techniques used in exploits include the exploitation of remote services, public-facing applications and privilege escalation.
Threat actors, such as TA505 and malware like LockBit and Clop, played significant roles in high-profile cyber-attacks, exploiting zero-day vulnerabilities and emphasizing the need for enhanced cybersecurity measures.
As organizations grapple with the dynamic nature of cyber-threats, the Qualys TRU recommends a multifaceted approach to vulnerability prioritization, focusing on known exploits in the wild, those with a high likelihood of exploitation and those with weaponized exploit code available.
These include implementing effective network segmentation that considers all devices and applications, automating patching and password rotation across fleets of devices, and extending zero trust principles to all network-connected systems.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 19 Dec 2023 15:00:27 +0000


Cyber News related to 2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
The Evolution of Cyber Threats: Past, Present, and Future - Cyber threats have evolved significantly over time, posing increasing risks to individuals, organizations, and governments in our interconnected world. Let's explore the past, present, and future of cyber threats to better understand how to protect ...
1 year ago Securityzap.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
10 months ago Therecord.media
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
10 months ago Cyberdefensemagazine.com Akira
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
1 year ago Cyberdefensemagazine.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
1 year ago Scmagazine.com
DHS says CISA will not stop monitoring Russian cyber threats - In response to questions about the Guardian's story, Tricia McLaughlin, Assistant Secretary for Public Affairs, U.S. Department of Homeland Security, told BleepingComputer that the memo is fake and that CISA will continue to address cyber threats ...
5 months ago Bleepingcomputer.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
1 year ago Securityzap.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
2 years ago Securityweek.com
The Rise of Cyber Insurance - What CISOs Need to Consider - Cyber insurance offers not just financial protection against potentially devastating cyber incidents but also provides frameworks for improving security posture, access to specialized resources, and support during crisis scenarios. Beyond financial ...
3 months ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Protecting Your Digital Realm: Understanding Cybersecurity Threats and Defenses - Understanding the different types of cyber attacks and implementing robust security measures is crucial in safeguarding sensitive data and systems from malicious intent. In the dynamic landscape of cyberspace, threats to digital security continue to ...
1 year ago Feeds.dzone.com
Cybersecurity Trends: Shaping the Future Landscape - Embark on a journey through the ever-evolving landscape of cybersecurity, where hidden threats and silent breaches shape the digital realm. AI is transforming the cybersecurity landscape by enhancing threat detection and mitigation, ushering in a ...
1 year ago Securityzap.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
1 year ago Cisa.gov
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
1 year ago Cisa.gov
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles' - In other games, we had people from Silicon Valley who were leading AI companies or cyber companies. What we found is those who had expertise in cyber operations were more likely to be more nuanced about how they used the cyber capability. On a larger ...
1 year ago Therecord.media
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
1 year ago Techrepublic.com
Cyber Defense Magazine - The evolving landscape of cyber threats in our increasingly digital world calls for a strategic shift from traditional cybersecurity to a more encompassing and proactive approach: cyber resilience. Understanding the unique risk profile of your ...
1 year ago Cyberdefensemagazine.com
Important details about CIRCIA ransomware reporting - This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments. Ransomware attacks have become ...
1 year ago Securityintelligence.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
1 year ago Cyberdefensemagazine.com
CISA says it will continue to monitor Russian cyber threats | The Record from Recorded Future News - Both The Guardian and Washington Post bolstered the claims about CISA by saying a recent speech on critical infrastructure cyber threats by a senior State Department official did not mention Russia. The story emerged on Friday around the same time as ...
5 months ago Therecord.media
Mississippi Creates New Cyber Unit and Names First Director - The state of Mississippi has recently announced the creation of a new dedicated cyber security unit, as well as the naming of its first director. The Mississippi Cyber Security Unit, headed by Director Kelly Hurst and backed by the Mississippi Office ...
2 years ago Securityweek.com
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
1 year ago Securityboulevard.com Rocke

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)