DTX Manchester DTX Manchester
  • About Us
Friday, 26 February, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Investigation finds thousands of exploitable weaknesses in company networks

by The Gurus
April 7, 2016
in Editor's News
Share on FacebookShare on Twitter

An investigation conducted in early 2016 by cyber security company F-Secure discovered thousands of severe weaknesses in corporate networks that attackers can use to infiltrate companies. The investigation used F-Secure Radar, a vulnerability scanning and management solution, to uncover tens of thousands of instances of misconfigured systems, unpatched software and other weaknesses, confirming to security experts that many companies don’t have enough visibility over their networks.
The investigation found that, out of nearly 85,000 instances of the 100 most common vulnerabilities identified in corporate networks, approximately seven percent of them have high severity ratings according to standards used by the National Vulnerability Database*. Nearly half of these highly severe weaknesses were exploitable and could be used by attackers to gain control over compromised machines via remote code execution. And nearly all of these exploitable weaknesses are easy to fix with the right software patches or simple administrative changes.
“It’s bad news for a company if an attacker finds one of these highly severe vulnerabilities,” said Jarno Niemelä, lead researcher, F-Secure Labs. “The fact that we found thousands of issues this severe suggests some serious security shortfalls amongst companies. Either they’re not implementing patch management programs, or they’re forgetting to include parts of their network in their maintenance practices. But no matter what the underlying cause is, it’s lots of opportunities for attackers, and lots of breaches waiting to happen.”
This finding reinforces previous warnings regarding the importance of implementing simple security measures. According to the United States Computer Emergency Readiness Team, following a few easy steps, such as patching vulnerable software can prevent up to 85 per cent of targeted cyber-attacks**.
Every vulnerability is like a “Kick me” sign
While the investigation found thousands of highly severe weak points, the findings pointed to misconfigured systems as being far more common. The 10 most frequent vulnerabilities found were low or medium severity issues, but accounted for 61 per cent of all weaknesses discovered in the investigation. While these issues lack the severity of high-risk vulnerabilities, they encourage hackers to investigate further and look for additional weak spots.
“These issues aren’t particularly pressing if you think about them intrinsically, but hackers see non-critical issues as the cyber security equivalent of a ‘kick me’ sign,” said Andy Patel, senior manager, F-Secure technology outreach. “There’s lots of ways to stumble across these vulnerabilities just by casually browsing the web. Even hackers uninterested in doing anything bad could be tempted to pull at the thread and see what unravels. Companies that are lucky could get a helpful email informing them of the problem, but the unlucky ones are going to have professional criminals conducting reconnaissance in preparation for targeted attacks.”
 

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: Cyber SecurityF-Secureinformation securityit securitynetwork security
ShareTweetShare
Previous Post

PayPal vulnerabilities could have allowed phishing emails

Next Post

ESET Warns Facebook Users of Viral Ad Scam

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Npower shuts down app after hackers steal customer bank info  

February 26, 2021
Partnership announcement: Edgescan partners with BSI to deliver safe and secure client solutions

Edgescan partners with BSI to deliver safe and secure client solutions

February 26, 2021
Microsoft building

Microsoft failed to fix known problems that could have prevented SolarWinds hack

February 26, 2021
Microscope

Dutch Research Council experience ransomware attack

February 26, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept