BTC $63479.2080
ETH $3102.3210
BNB $553.9303
SOL $138.6944
stETH $3095.0573
XRP $0.4977
DOGE $0.1616
TON $6.5573
ADA $0.4609
AVAX $35.1800
wstETH $3604.0886
WBTC $63444.7835
TRX $0.1115
WETH $3097.1785
BCH $508.1534
DOT $6.7139
LINK $13.5848
MATIC $0.7078
UNI $7.2517
LTC $78.0969
ICP $12.3388
DAI $0.9999
CAKE $2.7613
RNDR $8.2936
FDUSD $0.9976
IMX $1.9531
ETC $26.4901
STX $2.5389
MNT $1.1217
TAO $525.3353
OKB $57.6303
FIL $6.0159
NEAR $5.2270
VET $0.0414
MKR $3079.1039
HBAR $0.0795
KAS $0.1206
WIF $2.7619
ATOM $8.1379
GRT $0.2535
CORE $2.6998
USDE $0.9998
XMR $123.1697
FET $2.0557
INJ $24.4523
XLM $0.1076
PEPE $0.0000
BTC $63479.2080
ETH $3102.3210
BNB $553.9303
SOL $138.6944
stETH $3095.0573
XRP $0.4977
DOGE $0.1616
TON $6.5573
ADA $0.4609
AVAX $35.1800
wstETH $3604.0886
WBTC $63444.7835
TRX $0.1115
WETH $3097.1785
BCH $508.1534
DOT $6.7139
LINK $13.5848
MATIC $0.7078
UNI $7.2517
LTC $78.0969
ICP $12.3388
DAI $0.9999
CAKE $2.7613
RNDR $8.2936
FDUSD $0.9976
IMX $1.9531
ETC $26.4901
STX $2.5389
MNT $1.1217
TAO $525.3353
OKB $57.6303
FIL $6.0159
NEAR $5.2270
VET $0.0414
MKR $3079.1039
HBAR $0.0795
KAS $0.1206
WIF $2.7619
ATOM $8.1379
GRT $0.2535
CORE $2.6998
USDE $0.9998
XMR $123.1697
FET $2.0557
INJ $24.4523
XLM $0.1076
PEPE $0.0000
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • What vulnerabilities will be the main threats in 2023?


    Here is some appealing information about which vulnerabilities will be of the greatest value among malefactors in 2023.

    Experts of Positive Technologies presented the top vulnerabilities that became the most popular among attackers last year, and told which vulnerabilities will be of the greatest value among attackers in 2023.

    Abysmal record

    In 2022, a negative record was set: according to NIST, more than 25,000 new vulnerabilities discovered by security researchers were verified. Vulnerabilities were assigned identifiers and severity levels according to the international CVE standard. The growth in the number of startups and the programs they release, as well as non-compliance with the principles of safe development, may lead to a new anti-record being set in 2023.

    “Almost 70 vulnerabilities a day is a lot. In Russia, this indicator is aggravated by the fact that foreign IT companies left the country and stopped supplying new versions and updates of their software, leaving domestic enterprises defenseless, which, in turn, raises the question of building an effective vulnerability management strategy as in proprietary software. , and in the open source components used, not only in web applications, but also in proprietary programs,” comments Vadim Solovyov, Head of the Information Security Threat Analysis Group, Positive Technologies.

    Popular vulnerabilities in 2022 that have been talked about a lot in security circles include:

    Log4j (CVE-2021-44228)
    ProxyNotShell (CVE-2022-41040)
    Spring4Shell (CVE-2022-22965)
    Atlassian Confluence (CVE-2022-26134, CVE-2022-26138),
    Zimbra RCE (CVE-2022-27925, CVE-2022-41352),
    Follina web framework Ruby on Rails (CVE-2022-30190),
    F5 BIG-IP (CVE-2022-1388).

    The most dangerous vulnerabilities that were most often discussed on the dark web:

    Serious vulnerability CVE-2022-30190, known as Follina, in the Microsoft Windows Support Diagnostic Tool (MSDT) deserves special attention. It can be exploited with a malicious office document and allows attackers to execute arbitrary code.

    According to the PT Expert Security Center, the most actively used vulnerabilities to penetrate infrastructure in 2022 included flaws in Microsoft Exchange servers, Log4Shell, ProxyNotShell and ProxyShell.

    Forecasts for 2023

    In 2023, Positive Technologies experts predict that Log4Shell, Spring4Shell and similar vulnerabilities will remain a threat for a long time to come, as systems using vulnerable software are widespread. In addition, this year the world will again see attacks on Microsoft Exchange through both new vulnerabilities and old ones that users have not yet eliminated with security updates. “Building a vulnerability management process will help to quickly eliminate vulnerabilities. It is necessary to regularly check the patch management coverage of the IT infrastructure, as well as to use a proactive approach to eliminating vulnerabilities - when the IT department regularly installs patches or OS and software updates without waiting for information about vulnerabilities from the information security service. Information security specialists, in turn, check compliance with the agreements and control the process of eliminating vulnerabilities. Also, do not forget about the elimination of trending vulnerabilities, which, as a rule, are knocked out of the planned patch management process, but they pose a high threat to companies,” says Anton Isaev, Leading Specialist of the Development and Promotion of Engineering and Technical Expertise Department, Positive Technologies .

    The most valuable for attackers will be vulnerabilities in browsers, since they can be used to carry out mass attacks on visitors to specific resources, and vulnerabilities in popular frameworks that are actively used, including in the infrastructure of large companies. Separately, it is worth noting the end of support for Windows 8.1 from January 10, 2023. This operating system will no longer receive security updates, so if vulnerabilities are found in the underlying mechanisms of the Windows OS family, users of older versions of the OS (including Windows 8.1) will be unprotected.

    Vulnerabilities unknown to developers

    Issues related to the departure of foreign software vendors, the lack of security updates, and the disruption of traditional software supply chains will continue to affect the information security of companies in 2023. Breaking the links between developers and security researchers from different countries will lead to the fact that there will be significantly more vulnerabilities in the software that developers do not know about, but which can be detected by attackers. The need to build new software supply chains and integrate new solutions into the infrastructure, the security of which may be in question, will also have a negative effect on the level of security of organizations.

    “In the absence of timely software updates, it is especially important to build a full-fledged vulnerability management process. It is he who will allow timely identification of critically dangerous vulnerabilities, taking compensatory measures and competently building interaction between IT departments and information security specialists to minimize risks and protect the infrastructure,” Anna Tsybina, MaxPatrol VM Development and Promotion Manager, Positive Technologies, comments.

    Author DeepWeb
    Scientists conducted the world's first cyberattack using artificial intelligence
    Firmware vulnerabilities in Qualcomm Snapdragon allow hackers to control even a turned off computer

    Comments 0

    Add comment