Nation state APT groups prefer old, unpatched vulnerabilities

Do you have a good handle on the patch status of the devices, including video equipment and all that other non-computer stuff on your network?…:

[…] In a newly published disclosure, CISA and the FBI set out details on the most widely exploited common vulnerabilities and exposures (CVEs) of the past three years, and revealed some of the emerging threats they are seeing today.

“Foreign cyber actors continue to exploit publicly known – and often dated – software vulnerabilities against broad target sets, including public and private sector organisations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available,” said CISA in its disclosure.

“The public and private sectors could degrade some foreign cyber threats to US interests through an increased effort to patch their systems and implement programs to keep system patching up to date.


Original article here