Uncovering
Автор: Phoenix Security
Загружено: 2023-08-13
Просмотров: 33
While running, a question popped into my head, what correlation exists between exploit in the wild, context, and exploitation at scale ?
Link: https://phoenix.security/exploitabili...
Navigating the #exploitation vs #exploit universe, subtle difference but important! 🚀🔒
#CISA does a fantastic job at highlighting those critical vulnerabilities and we wanted to help.
We submitted 10 vulnerabilities for review hope this work helps Jen Easterly thanks for all the work !
What is exploitability? Exploitability is the concept of an exploit deployed in the wild detected from sources like EPSS,Graynoise and another honeynet with signatures.
Exploit availability and popularity of an exploit indicate how many time the exploit has been published, distributed over several channels like Github, Hacker 1 alerts, Metaexploit and how readily available are those exploits in frameworks like Metaexploit to be used and attacked
We crunched across 300.000 data record of exploits and discovered some interesting trends.
While in cisa kev a lot of the exploits are faily consistent, the percentage of exploitation per platform source varies
For Microsoft the exploit verified were higher on windows 10, while the top popular report from hacker 1 was exchange server
while github and other popular source of exploits seems to allign with exploit database
Bottom line you should not judge only criticality from exploit available from one source or just from exploit in the wild.
Combining the two create a powerful comparison
Our holy trinity in this journey? Exploitability, CVSS, and #EPSS / CTI, garnished with a sprinkling of criticality and how important an application is, externality! 🙌 Why? Because that’s how we bake a risk communication pie! 🥧
at Phoenix we enable you to see those and more data with the first contextual and evidence-based vulnerability platform from your code to cloud.
Here's a rundown of the top vulnerable...threats, in three different categories:
🏆 Top 10 by criticality: Oracle, Apache, Debian, Microsoft, Fedora Project, Google, Red Hat, VMware, NetApp, and Zoho Corp!
🥇 Top 10 by exploit popularity: Microsoft, Oracle, Debian, Apache, Google, NetApp, Red Hat, Apple, Fedora Project, and Atlassian!
🎖️ Top 10 by weighted average EPSS: Oracle, Microsoft, Apache, Debian, Red Hat, Atlassian, VMware, F5, GNU, and NetApp!
Stay tuned for more running and baking analogies and valuable insights! In the meantime, don't forget to join us on September the 13 at planet cyber #appsecSocal for more insight into the data
😉🔒
#cybersecurity #exploits #vulnerabilitymanagement #EPSS #CVSS #github
Join the Application security revolution with Phoenix Security, take action and fix today the vulnerabilities that will be exploited tomorrow.
Visit www.phoenix.security, get your free demo today and see the change for yourself.
Доступные форматы для скачивания:
Скачать видео mp4
-
Информация по загрузке:
