
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023


Feb 03, 2025 | Ravie Lakshmanan | Vulnerability / Network Security


As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.

Describing 2024 as “another banner year for threat actors targeting the exploitation of vulnerabilities,” VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before the day their CVEs were publicly disclosed.

This marks a slight decrease from 2023’s 26.8%, indicating that exploitation attempts can take place at any time in a vulnerability’s lifecycle.

“During 2024, 1% of the CVEs published were reported publicly as exploited in the wild,” VulnCheck’s Patrick Garrity said in a report shared with The Hacker News. “This number is expected to grow as exploitation is often discovered long after a CVE is published.”


The report comes over two months after the company revealed that 15 different Chinese hacking groups out of a total of 60 named threat actors have been linked to the abuse of at least one of the top 15 routinely exploited vulnerabilities in 2023.

“Not surprisingly, the Log4j CVE (CVE-2021-44228) is associated with the most threat actors overall, with 31 named threat actors linked to its exploitation,” Garrity noted late last year, adding the company identified 65,245 hosts potentially vulnerable to the flaw.

In all, there are roughly 400,000 internet-accessible systems likely susceptible to attacks stemming from the exploitation of 15 security shortcomings in Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho products.

“Organizations should evaluate their exposure to these technologies, enhance visibility into potential risks, leverage robust threat intelligence, maintain strong patch management practices, and implement mitigating controls, such as minimizing internet-facing exposure of these devices wherever possible,” VulnCheck said.
