"Published Vulnerabilities Surge by 43%"

According to security researchers at Forescout, published vulnerabilities rose by 43% in H1 2024 compared to H1 2023, with attackers heavily targeting flaws in virtual private networks (VPNs) and other perimeter devices for initial access.  The researchers noted that 23,668 vulnerabilities were reported in the first six months of 2024, with an average of 111 new CVEs per day.  The majority of published vulnerabilities in H1 2024 had either a medium (39%) or low (25%) severity score (CVSS), while just 9% had a critical score.  This is in contrast to the same period last year, where around two-thirds of vulnerabilities were either medium (39%) or high (27%).  The researchers said 87 CVEs were added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog in H1 2024, bringing the total to 1140 vulnerabilities.  This represents a decrease of 23% compared to the same period in 2023.  During their research the researchers also found that most threat actors active in H1 2024 originated from China (65), Russia 36%) and Iran (21), with China overtaking Russia from H1 2023.  The researchers noted a 6% rise in ransomware attacks in H1 2024 compared to H1 2023, reaching 3085 attacks.

Infosecurity Magazine reports: "Published Vulnerabilities Surge by 43%"