Tenable, the Exposure Management Company, reports that a significant number of successful cyberattacks during the last quarter of 2023 were the result of exploiting known vulnerabilities that had not been patched. According to telemetry data from Tenable’s Research Team, over half of the devices affected by the ‘CitrixBleed’ vulnerability (also known as CVE-2023-4966, the top vulnerability of Q4 2023) had not been remediated as of January 2024, despite the patch being available for more than three months.
Similarly, only 39% of devices affected by a pair of Cisco flaws (CVE-2023-20198 and CVE-2023-20273), which were part of an attack chain targeting Cisco devices running the Internetworking Operating System (IOS) and IOS XE, had been remediated.
While zero-day exploits and AI-powered threats gain attention, the exploitation of known, unpatched vulnerabilities is most common; combined with opportunistic actions by malicious actors, it allows ransomware attacks to persist.
Satnam Narang, senior staff research engineer at Tenable, emphasized that these long-standing vulnerabilities often cause more damage than emerging threats. Despite the public disclosure of the Atlassian Confluence bug (CVE-2023-22518) and warnings about its exploitation to spread the C3RB3R Ransomware, 43% of assets remained vulnerable as of January 23, 2024. Despite a spike in attempted exploits of several Atlassian flaws, nearly half of the assets remained vulnerable.
Narang stressed the importance of organizations understanding the tactics used by attackers and implementing preventive measures. By addressing vulnerabilities promptly and focusing on common misconfigurations, organizations can enhance their cybersecurity posture.