This article discusses the continued exploitation of older vulnerabilities in cyberattacks, particularly focusing on legacy flaws that remain actively targeted despite being publicly disclosed years ago. The GreyNoise report highlights the importance of addressing both new and vintage CVEs, advocating for comprehensive vulnerability management strategies. Affected: legacy vulnerabilities, cybersecurity sector, government agencies, Fortune 500 companies
Keypoints :
- Older vulnerabilities, some over five years old, are consistently targeted by attackers.
- CVE-2017-9841 remains actively exploited due to its simplicity and wide usage.
- 40% of exploited CVEs in 2024 were published in or before 2020.
- Threat actors weaponize vintage vulnerabilities exploiting organizations’ poor vulnerability management.
- Ivanti’s security products have shown a concerning pattern of critical vulnerabilities and zero-days.
- Exploitation has shifted to a scale-oriented approach by cybercriminals and APT teams.
- Enterprise defenders need to prioritize patching both new and old vulnerabilities.
Full Story: https://censys.com/on-the-internet-everything-old-is-exploitable-again/