"Patching & Passwords Lead the Problem Pack for Cyber-Teams"

According to a recent study conducted by the cybersecurity firm Horizon3.ai, ineffective credential policies and a lax approach to patching were among the most common points of Information Technology (IT) security failure for organizations in 2022. Improperly configured tools also left organizations vulnerable to attack. The study analyzed the results of around 7,000 penetration tests that covered approximately 1 million assets. The use of weak or reused credentials topped the list of the Top 10 vulnerabilities identified by Horizon3.ai in 2022, followed by weak or default credential checks in protocols (SSH and FTP) and threat actors leveraging Dark Web credential dumps from Windows and Linux systems. Rounding out the top five were the exploitation of critical vulnerabilities included on the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) list of the Top 15 Routinely Exploited Vulnerabilities, as well as the abuse of critical VMware vulnerabilities. The study also cautioned that threat actors are combining stolen credentials with social engineering tactics to conduct high-profile breaches. They are also performing multi-factor authentication (MFA) fatigue attacks. This article continues to discuss key findings and observations from Horizon3.ai's Year in Review 2022 report on the cybersecurity landscape.

Dark Reading reports "Patching & Passwords Lead the Problem Pack for Cyber-Teams"

Submitted by Anonymous on