Lawrence

10 Exploits Cybersecurity Professionals are Concerned About

October 4, 2021,

Blogs



Cybersecurity Exploits are always found in code. While companies try their best to crush cybersecurity exploits, the truth is that exploits are bound to happen. So, here are the cybersecurity trends experts are worried about now.

1. Google Chrome Browser: CVE-2021-21193, CVE-2021-21206, CVE-2021-21220

These exploits allow the accessor to execute code to crash the program, include unexpected values, and execute code. This code can lead to people losing their private information.

2. Citrix Application Delivery Controller and Gateway: CVE-2019-19781

For this exploit, we have unauthorized users being able to access delicate info. The exploit allows for multiple forms of attacks like Dosing, Phishing, and code execution remotely.

3. Microsoft Exchange Vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065

For these exploits, the hackers can access mailboxes and execute remote code. The exploit is still effective due to users not applying patches.

4. Synacor Zimbra Collaboration Suite (XXE): CVE-2019-9670

This exploit allows the hacker to use vulnerabilities in systems to gain access to credentials and other information.

5. Cisco AnyConnect Posture: CVE-2021-1366

This exploit allows authorized users of the mobile app for Cisco to up their access to execute any program they want on the account. The company has released a patch for this exploit.

6. VMware Workspace ONE Access: CVE-2020-4006

For this exploit, we have hackers being able to access protected data by executing commands remotely. However, the exploit still requires authenticated access to use, so a strengthened password should do the trick.

7. Fortinet FortiGate SSL VPN: CVE-2018-13379, CVE-2020-12812, CVE-2019-5591

These exploits are being looked for by many criminals all over the world because the exploit has vulnerabilities for cyber espionage and ransomware against government agencies and companies.

8. VMWare vCenter RCE: CVE-2021-21972

This exploit allows for remote code execution and has been brought up as being easy to exploit. Almost any unauthorized user can take advantage of this exploit.

9. Microsoft SMBGhost: CVE-2020-0796

This exploit targets a remote code execution that targets a specific protocol, which has raised concerns because it’s been targeted by ransomware in the past.

10. Pulse Secure Pulse Connect Secure VPN: CVE-2019-11510

This exploit uses a Path Traversal vulnerability to access private information.

Note that all of these exploits have a patch, but some exploits are active because patches haven’t been applied. For more information about cybersecurity trends, visit https://bit.ly/2Uxj2Ru