May 14, 2020 By Graham Cluley
Newly-discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked.
This week, US-CERT has published its list of what it describes as the “Top 10 Routinely Exploited Vulnerabilities” for the last three years.
The list is designed to galvanise IT security teams at both public and private sector organisations into putting a greater priority into patching vulnerabilities, before they can be exploited by malicious hackers.
As US-CERT explains, state-sponsored hackers have sophisticated capabilities but they may prefer to keep them for specific targets. Instead, the DHS’s Computer Emergency Readiness Team warns that attackers continue to “exploit publicly known—and often dated—software vulnerabilities against broad target sets” because exploitation “often requires fewer resources as compared with zero-day exploits for which no patches are available.”