Annual Vulnerability Report Insights - 2022
Download as PPTX, PDF0 likes24 views
The document is SecPod Labs' 2022 annual vulnerability report. It summarizes key findings from SecPod's research in 2022, including over 26,000 vulnerabilities discovered, 191 widely exploited vulnerabilities, and 37 zero-day vulnerabilities. The top vulnerabilities of 2022 are described. SecPod's security intelligence coverage for 2022 is also summarized, including coverage of over 22,000 CVEs and 124 malware exploits. The report concludes with SecPod's milestones in 2022 and predictions for 2023 vulnerabilities.
Annual Vulnerability Report Insights - 2022
- 1. SecPod Labs Intelligence Series 2022 Annual Vulnerability Report Insights Webcasts Host – Sakshi Dhiman Veerendra GG and Pooja Shetty Security Intelligence Team
- 2. TODAY’S AGENDA 2023 Vulnerability Predictions Questions and Answers Top Vulnerabilities of 2022 02 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY SecPod’s Security Coverage
- 3. Annual Vulnerability Report Vulnerabilities Discovered January - December 2022 Top Vulnerabilities Top Affected Products SecPod’s Security Coverage Key Insights and Predictions 03 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
- 4. Key Findings From SecPod’s Research 04 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY 26288 Vulnerabilities discovered in 2022 191 Vulnerabilities wildly exploited 37 Zero Day Vulnerabilities 124 Malware Exploiting Vulnerabilities
- 5. Vulnerability Trend 2022 05 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
- 6. Vulnerabilities Discovered in 2022 06 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
- 7. Vulnerability Severity Distribution Based on CVSSv3 07 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
- 8. Top 10 Affected Operating Systems 08 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
- 9. Top 10 Affected Applications 09 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
- 10. Top Vulnerabilities of 2022 01 0 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
- 11. Products Affected Remote PHP Code Execution Web shell deployment Remote access trojan (RAT) Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7- p2 and earlier CVE ID CVE-2022-24086 Unauthenticated Remote Code Execution in Adobe Commerce 11 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Impact
- 12. Products Affected An authentication bypass vulnerability allows remote code execution. Sophos Firewall v18.5 MR3 (18.5.3) and older CVE ID CVE-2022-1040 An Authentication Bypass Vulnerability in Sophos Firewall 12 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Impact
- 13. Products Affected Once privilege escalation is achieved attackers use it for further deploying malware, accessing confidential information. This could allow them to spread laterally inside the network, create new administrator users, and run privileged command The vulnerability was under active exploitation Windows 10 1809 and above including servers CVE ID CVE-2022-21882 Local Privilege Escalation Vulnerability in Microsoft Windows 13 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Impact
- 14. Products Affected Type confusion vulnerability in Apple's Webkit web browser browsing engine. This bug was actually reported and initially fixed in 2013. In 2016 the fix was regressed The vulnerability was under active exploitation Safari 15.3, iOS 15.3, macOS 12.2 and earlier CVE ID CVE-2022-42856 Type confusion vulnerability in Apple's Webkit web browser engine. 14 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Impact
- 15. Products Affected StringSubstitutor interpolator is not as widely used as the string substitution in Log4j, which led to Log4Shell. The severity is Critical due to the easy exploitability and the huge potential impacts in terms of confidentiality, integrity and availability. Apache Commons Text Library CVE ID CVE-2022-42889 Text4shell RCE in String Substitutor interpolator class in Apache Commons Text Library 15 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Impact
- 16. Products Affected The issue results from the lack of validating the existence of an object prior to performing operations on the object Linux kernel: before 5.15.61 CVE ID CVE-2022-47939 Linux Kernel ksmbd Critical Use-After-Free Remote Code Execution Vulnerability 16 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Impact
- 17. SecPod’s Security Intelligence Coverage in 2022 7 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY Total CVEs Covered: 22597 Zero-day CVEs Covered: 34 CISA Vulnerability Coverage: 741/868 Total Misconfigurations covered: 2938 Total MVEs Covered: 124 Posture Anomaly Computation Rules 75+ rules to discover anomalies, outliers, and aberrations in IT infrastructure Common Remediation Enumeration (CRE) Coverage Application Patches: 1152 Third-party patches: 802 Misconfiguration patches: 2812 OS Patches: All Latest Versions CVE Coverage Based on Platforms Windows: 1380 Linux: 8074 macOS: 2416
- 18. 2022’s Milestones 18 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY 24-30 hours is the average time taken to support latest vulnerabilities 85% of Microsoft & Apple security advisories were covered within 30 hours 100% of discovered Zero Days were covered 86.4% of the Zero days can be fixed using SanerNow (except Mobile and Network devices) 1.1+ billion scans performed in 2022 99.999645%scan accuracy rate achieved
- 19. 2023 Vulnerability Predictions 19 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
- 20. QUESTIONS? 20 Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
- 21. ACHIEVE CYBER HYGIENE TRY SANERNOW FREE For enquiries, contact us at: Email: info@secpod.com | Tech Support: support@secpod.com Phone: (+1) 918 625 3023 (US) | (+91) 80 4121 4020 (IN) WWW.SECPOD.COM To request a free trial account, visit our website or email us at info@secpod.com