10 Vulnerability Types to Focus On This Year

A new Tech Insight report examines how the enterprise attack surface is expanding and how organizations must deal with vulnerabilities in emerging technologies.

Keeping applications and networks secure can seem like a Sisyphean task. No matter how much time and resources security and IT teams devote to vulnerability assessment, patching, and other mitigations to reduce cyber-risk, they are not enough. In fact, vulnerability management can feel like a series of never-ending tasks.

There is no shortage of vulnerabilities under attack by criminals. Last year saw major vulnerabilities, such as Log4Shell, Ruby on Rails (Follina), and Spring4Shell, plus flaws in Google Chrome, F5 BIG-IP, Microsoft Office, and Atlassian Confluence, to name a few.

The Cybersecurity Infrastructure Agency's Known Exploited Vulnerabilities catalog currently lists vulnerabilities in widely used enterprise applications, such as Oracle E-Business Suite, SugarCRM, Zoho, Control Web Panel, and Microsoft Exchange Server.

And common yet dangerous vulnerabilities, such as broken access control, cryptographic failures, security misconfigurations, and vulnerable and outdated components, persistently make their way into Web applications.

However, enterprise security teams can’t consider their jobs done just by mitigating these types of vulnerabilities. As they adopt new technologies, enterprises need to expand their vulnerability and attack surface management programs accordingly.

A new Dark Reading Tech Insight report examines key areas for enterprise security teams to pay attention to: firmware, 5G networks, edge computing, operational technology and IT convergence, cloud vulnerabilities and misconfigurations, vulnerabilities in open source software, and vulnerabilities in continuous software development pipelines. The report details these types of vulnerabilities and how to mitigate them.