“This is just another example of attacks that take advantage of older vulnerabilities that have patches available and were known to be dangerous even by basic risk rating systems like CVSS v3.0.
“While both private and public organisations lean towards today’s latest and greatest buzzword technologies or niche security tools, attackers keep showing that they’re most successful targeting the wide open doors caused by a lack of basic cybersecurity fundamentals. Every organisation should be assessing all of their technology assets wherever they are for vulnerabilities and misconfigurations, prioritising the remediation efforts based on technical and business criticality measures and then executing the remediation plan as soon as possible.
“Basic adherence to these practices would have surfaced this vulnerability and given organisations plenty of time to patch it and prevent this sort of attack from occurring.
“Organisations need to move away from the notion that fundamental security practices aren’t needed or that organisations are too small to be attacked. Cyberattackers focus on these kinds of crimes of opportunity, as they are simple, easy to execute and cost effective for them to perform. Organisations must stop taking a reactive, wait-and-see approach to closing the doors on these attack opportunities and build a culture of proactive, preventive security measures that finds these types of vulnerabilities early and creates the mechanism to correct the flaw before it’s exploited.” — Nathan Wenzler, Chief Cybersecurity Strategist, Tenable
Viral Hit ‘Bramble: TMK’ Release Date Reveal
