Nearly 400,000 internet-exposed devices were susceptible to attacks involving the abuse of the 15 most exploited security flaws in 2023, almost half of which were Fortinet FortiOS appliances, according to SecurityWeek.
Also dominating the most vulnerable devices were Cisco IOS XE, Apache Log4j, Citrix Netscaler, and OwnCloud GraphAPI implementations, a report from VulnCheck revealed. Additional findings showed that more than half of the 15 most abused bugs were leveraged as zero-days, while Log4Shell and Zerologon had the most exploits. Moreover, Chinese threat actors were most likely to leverage the prevalently abused security issues, accounting for a quarter of the 60 threat operations identified by VulnCheck, followed by Russian, Iranian, and North Korean attackers. "Organizations should evaluate their exposure to these technologies, enhance visibility into potential risks, leverage robust threat intelligence, maintain strong patch management practices, and implement mitigating controls, such as minimizing internet-facing exposure of these devices wherever possible," said VulnCheck.
