2024 seeing more CVEs than ever before, but few are weaponised

Published August 6, 2024

Over the first seven-and-a-half months of 2024, the number of newly-disclosed common vulnerabilities and exposures (CVEs) soared 30% year-on-year from 17,114 to 22,254, according to data published by Qualys researchers.

However, out of this huge number of flaws, barely a hundredth – 204 or 0.9% – were weaponised by threat actors, said Qualys. The majority of these threat actors exploit public-facing applications or remote services, which are useful for obtaining initial access and conducting lateral movement.

Read at face value, this statistic may feel like good news, but it offers only meagre solace for cyber professionals, Qualys said, for these vulnerabilities still present a significant threat and necessitate ever-more focused defensive measures.

“This very small fraction of vulnerabilities accounts for the most severe threats. This subset represents the highest risk, characterised by weaponised exploits, active exploitation through ransomware, use by threat actors, malware, or confirmed wild exploitation instances,” said Qualys’ Threat Research Unit (TRU) product manager, Saeed Abbasi.

“To effectively mitigate such threats, it’s crucial to prioritise actively exploited vulnerabilities, leverage threat intelligence, and regularly schedule scans to detect new vulnerabilities. A vulnerability management tool that integrates threat intelligence could be pivotal for an enterprise.”

According to Qualys’ data collection and analysis exercise, the most exploited vulnerabilities of 2024 to date are as follows:

  1. CVE-2024-21887, a command injection flaw in Ivanti Connect and Policy Secure Web;
  2. CVE-2023-46805, a remote authentication bypass flaw in Ivanti Connect and Policy Secure Web;
  3. CVE-2024-21412, a security feature bypass flaw in Microsoft Windows;
  4. CVE-2024-21893, an elevation of privilege flaw in Ivanti Connect and Policy Secure Web;
  5. CVE-2024-3400, a command injection flaw in Palo Alto Networks PAN-OS;
  6. CVE-2024-1709, an authentication bypass flaw in ConnectWise ScreenConnect;
  7. CVE-2024-20399, a command line interface command injection flaw in Cisco NX-OS Software;
  8. CVE-2024-23897, a remote code execution flaw in Jenkins Core;
  9. CVE-2024-21762, an out-of-bounds write flaw in Fortinet FortiOS;
  10. CVE-2023-38112, an MSHTML platform spoofing flaw in Microsoft Windows.

With the exception of the Jenkins Core vulnerability, all of the Qualys top 10 also appear on the US Cybersecurity and Infrastructure Security Agency (CISA) known exploited vulnerabilities (KEV) catalogue mandating patching across US government bodies.

Many of these vulnerabilities, notably those in Ivanti’s product set and ConnectWise ScreenConnect, have already been at the centre of some of the most impactful cyber security incidents of the year so far. The final vulnerability on the list, in the Windows MSHTML Platform, was only disclosed a few weeks ago in the July Patch Tuesday update, and although it has likely been exploited since 2023, its inclusion on Qualys’ top 10 list serves as a warning to admins of the speed with which threat actors pick up on publicised vulnerabilities.

Old vulnerabilities prove their worth

The overall upward trend in CVE volumes underscores a “persistent and substantial escalation” in vulnerability discovery, explained Abbasi.

“The increase in CVEs reflects rising software complexity and the broader use of technology, necessitating advanced and dynamic vulnerability management strategies to mitigate evolving cyber security threats,” he said.

However, the Qualys TRU’s analysis has also indicated an increase in the weaponisation of old CVEs this year. While older bugs often resurface and exploits are developed well after disclosure, there has been a 10% increase in this sort of activity so far this year. Abbasi said this was a “stark reminder” that security was not just about staying ahead of threat actors, but also not falling behind them.

Many of the older weaponised vulnerabilities in circulation have been trending on the dark web for months, one prominent example being CVE-2023-43208 in NextGen Mirth Connect Java XStream, heavily used by the health sector. And just this week, CISA added a six-year-old remote code execution bug in Microsoft COM to the KEV catalogue, after Cisco Talos researchers found it being exploited by a Chinese government APT in an attack chain used against a Taiwanese victim.

“This resurgence of previously identified vulnerabilities, which mainly impact remote services and public-facing applications, highlights a significant oversight in updating and enforcing cyber security protocols. This re-emergence emphasises the need to shift from a purely reactive security posture to a more proactive, predictive, and preventative approach,” advised Abbasi.
