2023’s Top 15 Security Nightmares
Congratulations To Citrix For Taking Both 1st And 2nd Place!
2023 has not been fun for anyone who follows computer security, especially if you have to deal with the vulnerabilities once they’ve been identified. The Five Eyes countries have released their list of the 15 most egregious security issues discovered last year. Citrix earned its ranking thanks to the remote code execution bug in NetScaler ADC and Gateway, and for those products leaking sensitive information when configured as they are intended, as a gateway or as an authentication, authorization and accounting server.
Cisco did their best but could only get third and fourth place, for letting users elevate a non-privileged account to root access and for allowing code that had not been validated to be run as root. Fifth place went to Fortinet’s FortiOS, used by many large corporations, which allowed remote code execution merely by sending it a request designed to cause a buffer overflow. The Register has a rundown of the rest, including links to the CVE pages if you don’t recall exactly how awful these were.
Sadly, 2024’s list will be even worse.
The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued a list of the 15 most exploited vulnerabilities in 2023, and warned that attacks on zero-day exploits have become more common.
More Tech News From Around The Web
- Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost @ The Register
- Microsoft pulls Exchange security updates over mail delivery issues @ Bleeping Computer
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks @ Bleeping Computer
- Microsoft finally releases generic install ISOs for the Arm version of Windows @ Ars Technica
- Apple hit with £3 billion claim of ripping off 40 million UK iCloud users @ The Register
- FTC to launch investigation into Microsoft’s cloud business @ Ars Technica
- Is Anyone Crazy Enough To Audit Super Micro Computer? @ Slashdot
- Amazon’s 2024 Kindle Paperwhite makes the best e-reader a little better @ Ars Technica