Raphaël Illouz, CEO of Purplemet, comments on vulnerabilities during 2020
January 2021 by Raphaël Illouz, CEO Purplemet
Last year was... quite special, right? You know what they say, though: while the cat’s away, the mice will play, and 2020 was no exception. While we got distracted by pandemics, panic, and coronavirus, the hackers were free to do what they do best - make problems for us!
The biggest threats in 2020 were:
– Draytek Vigor Command Injection (CVE-2020-8515)
– Citrix Multiple Products Directory Traversal (CVE-2019-19781)
– Pulse Connect Secure File Disclosure (CVE-2019-11510)
– F5 BIG-IP Remote Code Execution (CVE-2020-5902)
You’ll find a good article on them here. It links to the NSA’s report on the top 25 vulnerabilities currently being leveraged and exploited by Chinese hacking groups. It’s worth looking at that report too; it has some general recommendations that everyone should implement.
Remember - even though we’re hopefully leaving the worst of 2020 in the past, these vulnerabilities are coming with us into 2021 - in fact, they’re already here!
So what can you do? Keep the defensive walls strong (updated) and hackers will find it much harder to find your web app’s vulnerabilities.